Mautic Improper Path Restriction Vulnerability in Asset Upload Functionality

Vulnerability

A path restriction vulnerability has been identified in Mautic's asset upload feature: uploaded files can be written to directories outside of the designated temporary directory. The root cause is improper limitation of a pathname to a restricted directory, so an uploaded asset can end up in an unintended location on the server.
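The following is an added example and not Mautic's own code. It illustrates, in generic Python, the defect class the advisory describes: a naive join of the upload directory with a client-supplied filename (which lets the file land outside the directory) beside a hardened check that only accepts a plain filename and verifies, after symlink resolution, that the final path is still inside the intended directory. The upload directory and the filenames are constructed for the demo.

```python
import os
import re
import tempfile

# Constructed demo upload directory; a real application would use its
# configured asset temp directory instead.
UPLOAD_TMP = os.path.realpath(tempfile.mkdtemp(prefix="upload_demo_"))

# Accept only a single path component made of conservative characters.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")


def naive_target(base_dir: str, filename: str) -> str:
    """Insecure variant: trusts the client-supplied name.

    os.path.join discards base_dir when filename is absolute, and '..'
    segments are honoured by normpath, so the result may escape base_dir.
    """
    return os.path.normpath(os.path.join(base_dir, filename))


def safe_target(base_dir: str, filename: str) -> str:
    """Return an absolute path inside base_dir, or raise ValueError.

    Two independent layers: a strict allow-list on the filename itself,
    and a containment check on the fully resolved path.
    """
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    # Any separator, drive letter or traversal segment fails the allow-list.
    if not _SAFE_NAME.match(filename) or filename in (".", ".."):
        raise ValueError(f"rejected filename: {filename!r}")

    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    # Resolved target must share base as its common prefix path; this also
    # catches a symlink planted inside base that points elsewhere.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes upload directory")
    return target


def is_inside(base_dir: str, path: str) -> bool:
    """True if path, once resolved, lies within base_dir."""
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) == base


def rejects(base_dir: str, filename: str) -> bool:
    """Convenience wrapper: does safe_target refuse this filename?"""
    try:
        safe_target(base_dir, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample filenames of the kind an upload handler must cope with.
    samples = ["report.pdf", "../../../../../../etc/passwd", "/etc/passwd",
               "..\\..\\win.ini", "a\x00.php", ".."]
    for name in samples:
        naive = naive_target(UPLOAD_TMP, name)
        print(f"{name!r:36} naive -> inside={is_inside(UPLOAD_TMP, naive)!s:5} "
              f"hardened -> rejected={rejects(UPLOAD_TMP, name)}")
```

The allow-list deliberately refuses rather than sanitises: stripping directory components from a hostile name can mask an attack in logs, while a rejection is easy to alert on. The containment check is the backstop for anything the allow-list misses.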

Impact

Exploitation of this vulnerability could result in files being uploaded to unauthorized directories on the server, potentially leading to further security issues.

Remediation

Users are advised to update to version 5.2.3 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          5.2
impact          0.6
exploitability  5.0
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.