Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/09/05 2:23 p.m.5 views

CVE-2025-9822

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5CVSS6.8AI score0.00225EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/03 10:18 p.m.6 views

Mautic vulnerable to secret data extraction via elfinder

Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5CVSS6.9AI score0.00225EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/09/03 2:15 p.m.3 views

CVE-2025-9822

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

5.5CVSS5.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2025/09/03 1:55 p.m.14 views

CVE-2025-9822

CVE-2025-9822 affects mautic (core/lib related), describing an improper access control that allows an administrator to modify configuration and extract secrets (e.g., database credentials) via the elfinder component. The issue is documented across multiple sources (GitHub advisory GHSA-438M-6MHW-...

5.5CVSS6.3AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.4 views

PT-2025-35722

Name of the Vulnerable Software and Affected Versions: mautic affected versions not specified Description: A user with administrator rights can modify the application’s configuration and extract sensitive information that is normally inaccessible. This allows an administrator to disclose...

5.5CVSS5.9AI score0.00225EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.24 views

Secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

5.8CVSS5.1AI score0.00345EPSS
Exploits1Affected Software1
Rows per page
Query Builder