What is CVE-2025-9824?

CVE-2025-9824 is a medium-severity vulnerability in Mautic, classified under Observable Response Discrepancy. CVSS score: 5.9/10. Published 2025-09-03.

How severe is CVE-2025-9824?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Is CVE-2025-9824 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mautic

CVE-2025-9824

ImpactThe attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. PatchesThis vulnerability has…

EPSS: 0.001 (22.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Mautic — versions >= 4.4.0, >= 5.0.0-alpha, >= 6.0.0-alpha

Weakness classification (CWE)

CWE-204 — Observable Response Discrepancy

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

github.com/mautic/mautic/security/advisories/GHSA-3ggv-qwcp-j6xg

Frequently asked questions

What is CVE-2025-9824?: CVE-2025-9824 is a medium-severity vulnerability in Mautic, classified under Observable Response Discrepancy. CVSS score: 5.9/10. Published 2025-09-03.
How severe is CVE-2025-9824?: Medium severity. CVSS v3 base score is 5.9 out of 10.
Is CVE-2025-9824 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.