Home > Vulnerability Database > CVE-2025-13827

Mend.io Vulnerability Database

CVE-2025-13827

Good to know:

Date: December 2, 2025

Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.

Severity Score

9.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-13827

Url: https://github.com/mautic/mautic

Url: https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp

Url: https://www.mend.io/vulnerability-database/CVE-2025-13827

Severity Score

9.0

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

Upgrade to version mautic/grapes-js-builder-bundle - 4.4.18;mautic/grapes-js-builder-bundle - 5.2.9;mautic/grapes-js-builder-bundle - 6.0.7

Learn More

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-13827

Good to know:

Date: December 2, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?