{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9822","assignerOrgId":"4e531c38-7a33-45d3-98dd-d909c0d8852e","state":"PUBLISHED","assignerShortName":"Mautic","dateReserved":"2025-09-02T08:22:34.513Z","datePublished":"2025-09-03T13:55:12.870Z","dateUpdated":"2025-09-03T14:09:46.199Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://packagist.org","defaultStatus":"unaffected","packageName":"mautic/core","product":"Mautic","repo":"https://github.com/mautic/mautic","vendor":"Mautic","versions":[{"lessThan":"< 4.4.17","status":"affected","version":">= 4.4.0","versionType":"semver"},{"lessThan":"< 5.2.8","status":"affected","version":">= 5.0.0-alpha","versionType":"semver"},{"lessThan":"< 6.0.5","status":"affected","version":">= 6.0.0-alpha","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"B0D0B0P0T"},{"lang":"en","type":"remediation developer","value":"lenonleite"},{"lang":"en","type":"remediation reviewer","value":"kuzmany"}],"datePublic":"2025-09-03T08:56:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<h3>Summary</h3><p><em>A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.</em></p><h3>Impact</h3><p><em>An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.</em></p>"}],"value":"SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.\n\nImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them."}],"impacts":[{"capecId":"CAPEC-1","descriptions":[{"lang":"en","value":"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-283","description":"CWE-283","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4e531c38-7a33-45d3-98dd-d909c0d8852e","shortName":"Mautic","dateUpdated":"2025-09-03T13:55:12.870Z"},"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w"}],"source":{"advisory":"GHSA-438m-6mhw-hq5w","discovery":"EXTERNAL"},"title":"Secret data extraction via elfinder","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-03T14:08:49.982448Z","id":"CVE-2025-9822","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-03T14:09:46.199Z"}}]}}