CVE-2025-9822 (GCVE-0-2025-9822)

Vulnerability from cvelistv5 – Published: 2025-09-03 13:55 – Updated: 2025-09-03 14:09
VLAI?
Summary
SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Mautic Mautic Affected: >= 4.4.0 , < < 4.4.17 (semver)
Affected: >= 5.0.0-alpha , < < 5.2.8 (semver)
Affected: >= 6.0.0-alpha , < < 6.0.5 (semver)
Create a notification for this product.
Credits
B0D0B0P0T lenonleite kuzmany
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9822",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-03T14:08:49.982448Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-03T14:09:46.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.17",
              "status": "affected",
              "version": "\u003e= 4.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.2.8",
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 6.0.5",
              "status": "affected",
              "version": "\u003e= 6.0.0-alpha",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "B0D0B0P0T"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "lenonleite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "kuzmany"
        }
      ],
      "datePublic": "2025-09-03T08:56:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003e\u003cem\u003eA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.\u003c/em\u003e\u003c/p\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003e\u003cem\u003eAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.\u003c/em\u003e\u003c/p\u003e"
            }
          ],
          "value": "SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.\n\nImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-283",
              "description": "CWE-283",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T13:55:12.870Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w"
        }
      ],
      "source": {
        "advisory": "GHSA-438m-6mhw-hq5w",
        "discovery": "EXTERNAL"
      },
      "title": "Secret data extraction via elfinder",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2025-9822",
    "datePublished": "2025-09-03T13:55:12.870Z",
    "dateReserved": "2025-09-02T08:22:34.513Z",
    "dateUpdated": "2025-09-03T14:09:46.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9822\",\"sourceIdentifier\":\"security@mautic.org\",\"published\":\"2025-09-03T14:15:46.247\",\"lastModified\":\"2025-09-04T15:36:56.447\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.\\n\\nImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@mautic.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security@mautic.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-283\"}]}],\"references\":[{\"url\":\"https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w\",\"source\":\"security@mautic.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9822\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-03T14:08:49.982448Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-03T14:09:33.496Z\"}}], \"cna\": {\"title\": \"Secret data extraction via elfinder\", \"source\": {\"advisory\": \"GHSA-438m-6mhw-hq5w\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"B0D0B0P0T\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"lenonleite\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"kuzmany\"}], \"impacts\": [{\"capecId\": \"CAPEC-1\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/mautic/mautic\", \"vendor\": \"Mautic\", \"product\": \"Mautic\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.4.0\", \"lessThan\": \"\u003c 4.4.17\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"\u003e= 5.0.0-alpha\", \"lessThan\": \"\u003c 5.2.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0-alpha\", \"lessThan\": \"\u003c 6.0.5\", \"versionType\": \"semver\"}], \"packageName\": \"mautic/core\", \"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-09-03T08:56:00.000Z\", \"references\": [{\"url\": \"https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.\\n\\nImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003e\u003cem\u003eA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.\u003c/em\u003e\u003c/p\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003e\u003cem\u003eAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.\u003c/em\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-283\", \"description\": \"CWE-283\"}]}], \"providerMetadata\": {\"orgId\": \"4e531c38-7a33-45d3-98dd-d909c0d8852e\", \"shortName\": \"Mautic\", \"dateUpdated\": \"2025-09-03T13:55:12.870Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9822\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-03T14:09:46.199Z\", \"dateReserved\": \"2025-09-02T08:22:34.513Z\", \"assignerOrgId\": \"4e531c38-7a33-45d3-98dd-d909c0d8852e\", \"datePublished\": \"2025-09-03T13:55:12.870Z\", \"assignerShortName\": \"Mautic\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.