CVE-2025-13828

Summary

SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.

ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.

Affected Software

VendorProductVersion RangeStatus
MauticMautic<4.4.18, <5.2.9, <6.0.7affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References