Vulnerability DatabaseCVE-2025-9822
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-9822
September 03, 2025
SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.
Affected Packages
mautic/core (PHP):
Affected version(s) >=5.0.0 <5.2.8
Fix Suggestion:
Update to version 5.2.8
mautic/core (PHP):
Affected version(s) >=4.4.0 <4.4.17
Fix Suggestion:
Update to version 4.4.17
mautic/core (PHP):
Affected version(s) >=6.0.0 <6.0.5
Fix Suggestion:
Update to version 6.0.5
Related ResourcesĀ (5)
https://github.com/mautic/mautic/commit/882c2c5be646e36f7b91e7c4b24f71aafa617cd5
https://nvd.nist.gov/vuln/detail/CVE-2025-9822
https://github.com/mautic/mautic
https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w
https://github.com/mautic/mautic/commit/a310b1933de7cfefec03382a4d8c0d9dbbaa0600
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Unverified Ownership
CWE-283
EPSS
Base Score:
0.04