Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-5257

Good to know:

icon

Date: May 28, 2025

SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable. MitigationMautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later.

Severity Score

Related Resources (4)

https://nvd.nist.gov/vuln/detail/CVE-2025-5257
https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8
https://github.com/mautic/mautic
https://www.mend.io/vulnerability-database/CVE-2025-5257

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Improper Validation of Specified Quantity in Input

CWE-1284

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/mautic/mautic.git - 6.0.2;https://github.com/mautic/mautic.git - 5.2.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us