6 matches found
CVE-2025-9822
SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...
Mautic vulnerable to secret data extraction via elfinder
Summary A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...
CVE-2025-9822
SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...
CVE-2025-9822
CVE-2025-9822 affects mautic (core/lib related), describing an improper access control that allows an administrator to modify configuration and extract secrets (e.g., database credentials) via the elfinder component. The issue is documented across multiple sources (GitHub advisory GHSA-438M-6MHW-...
PT-2025-35722
Name of the Vulnerable Software and Affected Versions: mautic affected versions not specified Description: A user with administrator rights can modify the application’s configuration and extract sensitive information that is normally inaccessible. This allows an administrator to disclose...
Secret data exfiltration via symfony parameters
Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...