{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13827","assignerOrgId":"4e531c38-7a33-45d3-98dd-d909c0d8852e","state":"PUBLISHED","assignerShortName":"Mautic","dateReserved":"2025-12-01T15:20:24.945Z","datePublished":"2025-12-02T16:54:39.986Z","dateUpdated":"2025-12-02T17:10:25.179Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://packagist.org","defaultStatus":"unaffected","packageName":"core","product":"Mautic","repo":"https://github.com/mautic/mautic","vendor":"Mautic","versions":[{"status":"affected","version":"<4.4.18, <5.2.9, <6.0.7","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Jason Woods (driskell)"},{"lang":"en","type":"remediation reviewer","value":"Patryk Gruszka (patrykgruszka)"},{"lang":"en","type":"remediation reviewer","value":"Jan Linhart (escopecz)"},{"lang":"en","type":"remediation developer","value":"Jason Woods (driskell)"}],"datePublic":"2025-12-01T15:10:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<h2>Summary</h2><br>Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. <br><h2>Impact</h2>If the media folder is not restricted from running files this can lead to remote code execution."}],"value":"Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.\n\nImpact\nIf the media folder is not restricted from running files this can lead to remote code execution."}],"impacts":[{"capecId":"CAPEC-244","descriptions":[{"lang":"en","value":"CAPEC-244 XSS Targeting URI Placeholders"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":8.8,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4e531c38-7a33-45d3-98dd-d909c0d8852e","shortName":"Mautic","dateUpdated":"2025-12-02T16:54:39.986Z"},"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"}],"source":{"advisory":"GHSA-5xw2-57jx-pgjp","discovery":"EXTERNAL"},"title":"GrapesJsBuilder File Upload allows all file uploads","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-02T17:10:05.493140Z","id":"CVE-2025-13827","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-02T17:10:25.179Z"}}]}}