5 matches found
CVE-2025-5256 Open Redirect vulnerability on user unlock path
Summary: This advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits. Open Redirection...
CVE-2025-5256 Open Redirect vulnerability on user unlock path
Summary: This advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits. Open Redirection...
CVE-2025-5256
CVE-2025-5256 Open Redirect in Mautic: The vulnerability affects the /s/action/unlock/user.user/0 endpoint where the returnUrl parameter is not properly validated, allowing an attacker to redirect users to arbitrary external sites. Reported impact includes phishing and delivery of exploits when ...
PT-2025-23122 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to the version that properly validates or sanitizes the returnUrl parameter.
Description: The issue is related to an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploite...
Stored XSS vulnerability on Bounce Management Callback
Impact: Insufficient sanitization / filtering allows for arbitrary JavaScript injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...