Unverified Ownership

CVE-2025-9822

Medium

5.5/10

Summary

Mautic is vulnerable to secret data extraction via elfinder. A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them. This issue affects mautic/core and mautic/core-lib versions through 5.2.7, 6.0.0-alpha through 6.0.4, and 7.0.0-alpha.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-283 - Unverified Ownership

The software does not properly verify that a critical resource is owned by the proper entity.

References

Advisory
mautic/core

Advisory Timeline

Published Sep 03, 2025

Unverified Ownership

CVE-2025-9822

Summary

CWE-283 - Unverified Ownership

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS