What is CVE-2022-25776?

CVE-2022-25776 is a high-severity vulnerability in Mautic, classified under Incorrect Default Permissions. CVSS score: 8.3/10. Published 2024-09-18.

How severe is CVE-2022-25776?

High severity. CVSS v3 base score is 8.3 out of 10.

Vulnerability in Mautic

CVE-2022-25776

Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and…

EPSS: 0.001 (18.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H.

Affected products

Mautic — versions >= 1.0.2, >5.0.0

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8

Frequently asked questions

What is CVE-2022-25776?: CVE-2022-25776 is a high-severity vulnerability in Mautic, classified under Incorrect Default Permissions. CVSS score: 8.3/10. Published 2024-09-18.
How severe is CVE-2022-25776?: High severity. CVSS v3 base score is 8.3 out of 10.