CVE-2025-9821

Summary

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed

DetailsWhen sending webhooks, the destination is not validated, causing SSRF.

ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/  for more potential impact.

Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html  for more information on SSRF and its fix.

Affected Software

VendorProductVersion RangeStatus
MauticMautic>= 4.4.0 <= < 4.4.17affected
MauticMautic>= 5.0.0-alpha <= < 5.2.8affected
MauticMautic>= 6.0.0-alpha <= < 6.0.5affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References