What is CVE-2022-25770?

CVE-2022-25770 is a high-severity vulnerability in Mautic, classified under Missing Authentication for Critical Function. CVSS score: 7.8/10. Published 2024-09-18.

How severe is CVE-2022-25770?

High severity. CVSS v3 base score is 7.8 out of 10.

Auth bypass in Mautic

CVE-2022-25770

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a…

Vulnerability class: Broken Authentication

EPSS: 0.003 (53.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H.

Affected products

Mautic — versions >= 1.0.0-beta3, >= 5.0.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc

Frequently asked questions

What is CVE-2022-25770?: CVE-2022-25770 is a high-severity vulnerability in Mautic, classified under Missing Authentication for Critical Function. CVSS score: 7.8/10. Published 2024-09-18.
How severe is CVE-2022-25770?: High severity. CVSS v3 base score is 7.8 out of 10.