Mautic Open Redirection Vulnerability in User Unlock Endpoint

Vulnerability

An open redirection vulnerability has been identified in Mautic's user unlocking endpoint. It affects versions later than 1.0 that predate the fixed releases listed under Remediation. The endpoint accepts a returnUrl parameter, intended to send the user back to the page they came from after the unlock action, but it does not validate that value before issuing the redirect. An attacker can therefore craft a link to the legitimate Mautic host whose returnUrl points at an external site; a user who trusts the Mautic domain and follows the link is sent to the attacker's page, which can be used for phishing or to serve an exploit kit.

Impact

Exploitation of this vulnerability results in an open redirect: a link whose visible host is the trusted Mautic instance silently forwards the user to an arbitrary external, potentially harmful site. The redirect itself does not compromise the Mautic instance; the risk is to users who follow attacker-supplied links.

Remediation

Update Mautic to version 6.0.2, 5.2.6, or 4.4.16, whichever corresponds to the release line in use; each of these releases fixes the issue by validating the returnUrl parameter before redirecting. Until the update is applied, treat any link to the user unlock endpoint that carries an absolute or protocol-relative URL in returnUrl as suspect.
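The following is an added illustration, not Mautic's own code and not the actual patch: it contrasts the unsafe pattern described above (redirecting to whatever returnUrl contains) with a hypothetical allow-list check of the kind a fix needs. The function names, the application host mautic.example, and the test URLs are all constructed for this example. An application would take its own scheme and host from its configured site URL rather than from the request.

```php
<?php
declare(strict_types=1);
// Added example for this advisory; hypothetical code, not from the Mautic project.
// Requires PHP 8 (str_contains / str_starts_with).

/**
 * Unsafe pattern: the value of ?returnUrl= is used verbatim as the redirect
 * target. Anything an attacker places in the query string becomes a Location.
 */
function unsafeRedirectTarget(?string $returnUrl): string
{
    return $returnUrl ?? '/';
}

/**
 * Hardened check: accept only a site-relative path or an absolute URL on the
 * application's own scheme and host. Everything else is rejected, including
 * protocol-relative URLs, backslash variants, userinfo tricks, foreign hosts,
 * and non-http schemes such as javascript:.
 */
function isSafeReturnUrl(?string $candidate, string $appScheme, string $appHost): bool
{
    if ($candidate === null || $candidate === '') {
        return false;
    }
    // Control characters and whitespace: browsers strip some of them, which
    // can turn "java\nscript:" or " //evil.example" into a working redirect.
    if (preg_match('/[\x00-\x20\x7F]/', $candidate)) {
        return false;
    }
    // Browsers treat "/\evil.example" and "\\evil.example" like "//evil.example".
    if (str_contains($candidate, '\\')) {
        return false;
    }
    // Site-relative path: exactly one leading slash ("//host" is protocol-relative).
    if ($candidate[0] === '/') {
        return !str_starts_with($candidate, '//');
    }
    // Absolute URL: must parse with a scheme and host, no userinfo, no explicit
    // port (compare against the configured port instead if one is used), and
    // scheme/host must match the application's own.
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // covers "javascript:..." and bare "evil.example/x"
    }
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return false; // "https://mautic.example@evil.example/" style inputs
    }
    return strcasecmp($parts['scheme'], $appScheme) === 0
        && strcasecmp($parts['host'], $appHost) === 0;
}

/** Returns the validated target, or the fallback when the candidate is unsafe. */
function safeRedirectTarget(?string $candidate, string $appScheme, string $appHost, string $fallback = '/'): string
{
    return isSafeReturnUrl($candidate, $appScheme, $appHost) ? $candidate : $fallback;
}

// Constructed test inputs: [candidate returnUrl, expected verdict]
$cases = [
    ['/s/dashboard',                          true],
    ['https://mautic.example/s/contacts',     true],
    ['HTTPS://MAUTIC.EXAMPLE/',               true],
    ['//evil.example/',                       false],
    ['/\\evil.example/',                      false],
    ['https://evil.example/',                 false],
    ['https://mautic.example@evil.example/',  false],
    ['https://mautic.example.evil.example/',  false],
    ['https://mautic.example:8443/',          false],
    ['javascript:alert(1)',                   false],
    ['evil.example/x',                        false],
    ["/s/dash\nboard",                        false],
    ['',                                      false],
];

foreach ($cases as [$url, $expected]) {
    $got = isSafeReturnUrl($url, 'https', 'mautic.example');
    printf("%-42s unsafe->%-40s safe->%-30s %s\n",
        json_encode($url),
        unsafeRedirectTarget($url),
        safeRedirectTarget($url, 'https', 'mautic.example'),
        $got === $expected ? 'ok' : 'MISMATCH');
}
```

Run with `php example.php`; every row should end in `ok`. The design choice worth noting is that the check is an allow-list, not a deny-list: rather than looking for known-bad prefixes, it defines the two shapes that are acceptable (a single-slash relative path, or a same-origin absolute URL) and rejects everything else, which is what defeats encoding and parser-differential tricks that a deny-list misses.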

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.8
exploitability: 6.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.