Mautic Remote Code Execution and Path Traversal Vulnerability in Asset Uploads

Vulnerability

Two critical vulnerabilities have been identified in Mautic versions prior to 5.2.3, both of which can be exploited by authenticated users. The first vulnerability allows for remote code execution through the asset upload feature. This issue arises from inadequate validation of file extensions, enabling attackers to upload executable files, such as PHP scripts. The second vulnerability is a path traversal issue that permits authenticated users to manipulate the file deletion process, potentially leading to the removal of arbitrary files on the host system.
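As an added illustration of the two defensive checks this advisory implies (this is example code, not Mautic's own code): an extension allowlist that also rejects double extensions for uploaded assets, and root-confined path resolution before any deletion. The extension sets, the asset root and the file names are constructed assumptions.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed allowlist of asset extensions a marketing tool would accept.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "gif", "csv", "txt", "zip"}
# Extensions a PHP-enabled web server may execute; rejected anywhere in the name.
EXECUTABLE_EXTENSIONS = {"php", "phtml", "php3", "php4", "php5", "phar", "pht"}


def is_safe_asset_name(filename: str) -> bool:
    """Accept only a bare file name whose final extension is allowlisted
    and whose inner dotted parts contain no executable extension."""
    name = os.path.basename(filename)
    if name in ("", ".", "..") or name != filename:
        return False                      # directory components are not allowed
    parts = name.lower().split(".")
    if len(parts) < 2 or parts[-1] not in ALLOWED_EXTENSIONS:
        return False                      # no extension, or not on the allowlist
    # "shell.php.png" style names: some server configs still run these as PHP.
    return not any(p in EXECUTABLE_EXTENSIONS for p in parts[1:-1])


def resolve_asset_for_delete(asset_root: str, user_path: str) -> Optional[Path]:
    """Resolve a user-supplied relative path and return it only if it stays
    inside asset_root after normalisation; otherwise return None."""
    root = Path(asset_root).resolve()
    candidate = (root / user_path).resolve()   # absolute user_path replaces root here
    try:
        candidate.relative_to(root)            # raises ValueError when outside root
    except ValueError:
        return None
    if candidate == root:
        return None                            # never delete the root itself
    return candidate


if __name__ == "__main__":
    for name in ("report.pdf", "shell.php", "shell.php.png", "../notes.pdf"):
        print(f"{name!r:18} upload allowed: {is_safe_asset_name(name)}")
    for rel in ("reports/q1.pdf", "../../etc/passwd", "/etc/passwd"):
        print(f"{rel!r:18} delete target: {resolve_asset_for_delete('/tmp/assets', rel)}")
```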

Impact

Exploitation of these vulnerabilities could result in unauthorized remote code execution and the deletion of arbitrary files on the host system.

Remediation

Users are advised to update to Mautic version 5.2.3 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 10.0
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.