

CVE-2025-13828 (GCVE-0-2025-13828)
Vulnerability from cvelistv5
Published
2025-12-02 16:54
Modified
2025-12-02 17:12
CWE
  • CWE-862 - Missing Authorization
Summary
Summary: A non-privileged user can install and remove arbitrary packages via Composer on a Composer-based installation, even if the update-settings flag that enables Composer-based updates is unticked (the flag is not enforced as an authorization check). Impact: A low-privileged user of the platform can install malicious code to obtain higher privileges.
Impacted products
Vendor Product Version
Mautic Mautic Version: 4.x before 4.4.18, 5.x before 5.2.9, 6.x before 6.0.7


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T17:11:56.937488Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T17:12:20.703Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.4.18, \u003c5.2.9, \u003c6.0.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jason Woods (driskell)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jason Woods (driskell)"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Jan Linhart (escopecz)"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka (patrykgruszka)"
        }
      ],
      "datePublic": "2025-12-01T15:10:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch2\u003eSummary\u003c/h2\u003e\u003cp\u003eA non-privileged user can install and remove arbitrary packages via Composer on a Composer-based installation, even if the update-settings flag that enables Composer-based updates is unticked.\u003c/p\u003e\u003ch2\u003eImpact\u003c/h2\u003e\u003cp\u003eA low-privileged user of the platform can install malicious code to obtain higher privileges.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Summary\nA non-privileged user can install and remove arbitrary packages via Composer on a Composer-based installation, even if the update-settings flag that enables Composer-based updates is unticked.\n\nImpact\nA low-privileged user of the platform can install malicious code to obtain higher privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T16:54:58.898Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-3fq7-c5m8-g86x"
        }
      ],
      "source": {
        "advisory": "GHSA-3fq7-c5m8-g86x",
        "discovery": "EXTERNAL"
      },
      "title": "Mautic user without privileged access to the Marketplace can install and uninstall composer packages",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2025-13828",
    "datePublished": "2025-12-02T16:54:58.898Z",
    "dateReserved": "2025-12-01T15:20:25.618Z",
    "dateUpdated": "2025-12-02T17:12:20.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13827 (GCVE-0-2025-13827)
Vulnerability from cvelistv5
Published
2025-12-02 16:54
Modified
2025-12-02 17:10
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Summary: Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. Impact: If the media folder is not restricted from executing files, this can lead to remote code execution. Until patched, configure the web server so that files in the media upload directory are never executed as scripts.
Impacted products
Vendor Product Version
Mautic Mautic Version: 4.x before 4.4.18, 5.x before 5.2.9, 6.x before 6.0.7


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T17:10:05.493140Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T17:10:25.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c4.4.18, \u003c5.2.9, \u003c6.0.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jason Woods (driskell)"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka (patrykgruszka)"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Jan Linhart (escopecz)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Jason Woods (driskell)"
        }
      ],
      "datePublic": "2025-12-01T15:10:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch2\u003eSummary\u003c/h2\u003e\u003cbr\u003eArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. \u003cbr\u003e\u003ch2\u003eImpact\u003c/h2\u003eIf the media folder is not restricted from running files this can lead to a remote code execution."
            }
          ],
          "value": "Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.\n\nImpact\nIf the media folder is not restricted from executing files, this can lead to remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-244",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-244 XSS Targeting URI Placeholders"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T16:54:39.986Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"
        }
      ],
      "source": {
        "advisory": "GHSA-5xw2-57jx-pgjp",
        "discovery": "EXTERNAL"
      },
      "title": "GrapesJsBuilder File Upload allows all file uploads",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2025-13827",
    "datePublished": "2025-12-02T16:54:39.986Z",
    "dateReserved": "2025-12-01T15:20:24.945Z",
    "dateUpdated": "2025-12-02T17:10:25.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}