CVE-2025-9822
published 2025-09-03CVE-2025-9822: SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn…
PriorityP432medium5.5CVSS 3.1
AVNACLPRHUINSUCHILAN
EPSS
0.22%
13.0th percentile
SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.
ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mautic | core | >= 4.4.0 < 4.4.17 | 4.4.17 |
| mautic | core | >= 5.0.0-alpha < 5.2.8 | 5.2.8 |
| mautic | core | >= 6.0.0-alpha < 6.0.5 | 6.0.5 |
| mautic | mautic | >= >= 4.4.0 < < 4.4.17 | < 4.4.17 |
| mautic | mautic | >= >= 5.0.0-alpha < < 5.2.8 | < 5.2.8 |
| mautic | mautic | >= >= 6.0.0-alpha < < 6.0.5 | < 6.0.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Mautic vulnerable to secret data extraction via elfinder
ghsa·2025-09-03
CVE-2025-9822 [MEDIUM] CWE-283 Mautic vulnerable to secret data extraction via elfinder
Mautic vulnerable to secret data extraction via elfinder
### Summary
_A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available._
### Impact
_An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them._
OSV
Mautic vulnerable to secret data extraction via elfinder
osv·2025-09-03
CVE-2025-9822 [MEDIUM] Mautic vulnerable to secret data extraction via elfinder
Mautic vulnerable to secret data extraction via elfinder
### Summary
_A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available._
### Impact
_An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them._
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-03
Published