CVE-2022-25770

Summary

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

Affected Software

VendorProductVersion RangeStatus
MauticMautic>= 1.0.0-beta3 < < 4.4.13affected
MauticMautic>= 5.0.0 < < 5.1.1.affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References