What is CVE-2022-25769?

CVE-2022-25769 is a high-severity vulnerability in Mautic, classified under Improper Validation of Specified Quantity in Input. CVSS score: 7.2/10. Published 2024-09-18.

How severe is CVE-2022-25769?

High severity. CVSS v3 base score is 7.2 out of 10.

Vulnerability in Mautic

CVE-2022-25769

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks…

EPSS: 0.001 (30.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H.

Affected products

Mautic — versions < 3.3.5, < 4.2.0

Weakness classification (CWE)

CWE-1284 — Improper Validation of Specified Quantity in Input

References

github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic

Frequently asked questions

What is CVE-2022-25769?: CVE-2022-25769 is a high-severity vulnerability in Mautic, classified under Improper Validation of Specified Quantity in Input. CVSS score: 7.2/10. Published 2024-09-18.
How severe is CVE-2022-25769?: High severity. CVSS v3 base score is 7.2 out of 10.