Mautic Unauthenticated Access to Unpublished Page Previews Vulnerability

Vulnerability

A vulnerability in Mautic allows unauthenticated users to access unpublished page previews through predictable URLs. The issue is present in versions 4.0 and later, where page previews lacked proper authorization checks, enabling unauthorized access to draft content or sensitive information. Additionally, these private preview URLs could be indexed by search engines, making the content publicly discoverable.

Impact

Exploitation of this vulnerability could lead to unauthorized access to unpublished content, including draft materials and sensitive information, with the added risk of such content being indexed by search engines and made publicly available.

Remediation

Users are advised to upgrade to Mautic versions 6.0.2, 5.2.6, or 4.4.16, where this vulnerability has been patched.
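The following is an added example, not part of the original advisory or of Mautic itself: a small triage helper that checks installed Mautic version strings against the affected range and the fixed releases listed above. The host names and inventory are constructed, and it assumes each fixed release applies to its own major line, that majors newer than 6 include the fix, and that a pre-release of a fixed version does not.

```python
import re

# Fixed release per major line, taken from the Remediation section above.
FIXED = {4: (4, 4, 16), 5: (5, 2, 6), 6: (6, 0, 2)}
FIRST_AFFECTED = (4, 0, 0)  # "versions 4.0 and later"

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.-]+))?$")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return numbers, m.group(4) is not None

def classify(text):
    """Return 'not-affected', 'affected', 'patched' or 'unknown' for one version."""
    try:
        version, prerelease = parse_version(text)
    except ValueError:
        return "unknown"  # e.g. a git checkout; needs manual review
    if version < FIRST_AFFECTED:
        return "not-affected"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "patched"  # assumption: newer major lines ship with the fix
    # Assumption: a pre-release of the fixed version (5.2.6-rc) predates the fix.
    if version > fixed or (version == fixed and not prerelease):
        return "patched"
    return "affected"

def triage(inventory):
    """Map {host: version} to {host: status} for hosts that need follow-up."""
    follow_up = {}
    for host, version in inventory.items():
        status = classify(version)
        if status in ("affected", "unknown"):
            follow_up[host] = status
    return follow_up

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {"mkt-01": "4.4.15", "mkt-02": "5.2.6", "mkt-03": "6.0.1",
                    "mkt-04": "3.3.5", "mkt-05": "dev-main"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```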

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 8.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.