CVE-2022-25770

7.8

High

Published:18 Sep 2024

Last updated:17 Jun 2026

Source:security@mautic.org

Analyzed

Weakness (CWE)

CWE-306Missing Authentication for Critical Function

CVSS Vector

v3.1

Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

References

security@mautic.org

https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc