cbcvebase.
CVE-2025-9822
published 2025-09-03

CVE-2025-9822: SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn…

PriorityP432medium5.5CVSS 3.1
AVNACLPRHUINSUCHILAN
EPSS
0.22%
13.0th percentile
SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.

Affected

6 ranges
VendorProductVersion rangeFixed in
mauticcore>= 4.4.0 < 4.4.174.4.17
mauticcore>= 5.0.0-alpha < 5.2.85.2.8
mauticcore>= 6.0.0-alpha < 6.0.56.0.5
mauticmautic>= >= 4.4.0 < < 4.4.17< 4.4.17
mauticmautic>= >= 5.0.0-alpha < < 5.2.8< 5.2.8
mauticmautic>= >= 6.0.0-alpha < < 6.0.5< 6.0.5
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.