Auth bypass in Mautic

CVE-2022-25768

The logic that drives the update process through the user interface performs no access-control check to verify that the caller has permission to carry out those tasks. Prior to this patch being applied, it might be possible for an attacker to access the Mauti…

Vulnerability class: Broken Authentication

EPSS: 0.004 (59.1st percentile)

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H.

Affected products

  • Mautic — versions >= 1.1.3, >= 5.0.0

Frequently asked questions

What is CVE-2022-25768?
CVE-2022-25768 is a high-severity vulnerability in Mautic, classified under Improper Authentication. CVSS score: 7.0/10. Published 2024-09-18.
How severe is CVE-2022-25768?
High severity. CVSS v3 base score is 7.0 out of 10.