CVE-2022-25777 - Vulnerability Details

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Acquia	Mautic

Configuration 1 [-]

OR	cpe:2.3:a:acquia:mautic::::::::
	cpe:2.3:a:acquia:mautic::::::::
	cpe:2.3:a:acquia:mautic:1.0.0:-::::::
	cpe:2.3:a:acquia:mautic:1.0.0:beta4::::::
	cpe:2.3:a:acquia:mautic:1.0.0:rc1::::::
	cpe:2.3:a:acquia:mautic:1.0.0:rc2::::::
	cpe:2.3:a:acquia:mautic:1.0.0:rc3::::::
	cpe:2.3:a:acquia:mautic:1.0.0:rc4::::::

No data.

References

Link	Providers
https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00094}`	epss `{'score': 0.00104}`

Thu, 27 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Acquia Acquia mautic
CPEs		cpe:2.3:a:acquia:mautic:::::::: cpe:2.3:a:acquia:mautic:1.0.0:-:::::: cpe:2.3:a:acquia:mautic:1.0.0:beta4:::::: cpe:2.3:a:acquia:mautic:1.0.0:rc1:::::: cpe:2.3:a:acquia:mautic:1.0.0:rc2:::::: cpe:2.3:a:acquia:mautic:1.0.0:rc3:::::: cpe:2.3:a:acquia:mautic:1.0.0:rc4::::::
Vendors & Products		Acquia Acquia mautic

Wed, 18 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description		Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
Title		Server-Side Request Forgery in Asset section
Weaknesses		CWE-918
References		https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Mautic

Published: 2024-09-18T15:13:52.308Z

Updated: 2024-09-18T21:32:05.348Z

Reserved: 2022-02-22T20:17:36.805Z

Link: CVE-2022-25777

Vulnrichment

Updated: 2024-09-18T17:17:32.715Z

NVD

Status : Analyzed

Published: 2024-09-18T16:15:04.980

Modified: 2025-02-27T19:30:33.180

Link: CVE-2022-25777

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object