Mautic Webhook Function Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Mautic's webhook functionality, affecting versions 4.4.0 prior to 4.4.17, 5.0.0-alpha prior to 5.2.8, and 6.0.0-alpha prior to 6.0.5. This vulnerability allows users with webhook permissions to send requests to internal services by exploiting unvalidated webhook destinations. Additionally, if these users can access webhook logs, they may receive partial responses from the requests, potentially disclosing sensitive information.

Impact

Exploitation of this vulnerability could bypass firewalls and allow interaction with internal services, creating risks associated with unauthorized access or manipulation of those services.

Remediation

Update to Mautic version 4.4.17, 5.2.8, or 6.0.5 (matching the installed major version) to address this vulnerability.
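The root cause named above is an unvalidated webhook destination. The following is an added illustration of the control a patched application needs, not Mautic's own code: a destination check that resolves the hostname and refuses any URL whose scheme is not HTTP(S), that carries credentials, or that resolves to a loopback, link-local, private or other non-public address. The network ranges, the `demo_resolver` lookup table and the sample URLs are constructed for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: ranges a typical deployment refuses as webhook destinations.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Resolve a hostname to every address it maps to (real DNS)."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def is_blocked_address(addr_text):
    """True if the address falls in a range that must not receive webhooks."""
    addr = ipaddress.ip_address(addr_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 ranges apply to it.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_webhook_destination(url, resolver=default_resolver):
    """Return (ok, reason, resolved_ips) for a candidate webhook URL.

    The decision is made on resolved addresses, not on the URL text, so
    alternative spellings of an address (decimal, octal, mapped IPv6)
    are judged by where they actually point.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed", []
    try:
        ipaddress.ip_address(host)  # IP literal: nothing to resolve
        ips = [host]
    except ValueError:
        try:
            ips = list(resolver(host))
        except OSError:  # socket.gaierror is an OSError
            return False, "hostname does not resolve", []
    if not ips:
        return False, "hostname does not resolve", []
    # Every address must be public; one private answer is enough to refuse.
    for ip in ips:
        if is_blocked_address(ip):
            return False, f"{host} resolves to non-public address {ip}", ips
    return True, "ok", ips


# Constructed lookup table standing in for DNS, so the module runs offline.
DEMO_TABLE = {
    "hooks.example.com": ["203.0.113.10"],
    "mixed.example.com": ["203.0.113.10", "10.0.0.5"],
    "meta.example.com": ["169.254.169.254"],
}


def demo_resolver(host):
    if host in DEMO_TABLE:
        return DEMO_TABLE[host]
    raise socket.gaierror(f"constructed resolver: unknown host {host}")


if __name__ == "__main__":
    for candidate in (
        "https://hooks.example.com/inbound",
        "http://127.0.0.1:8080/admin",
        "http://[::ffff:10.0.0.1]/",
        "http://mixed.example.com/",
        "ftp://hooks.example.com/",
    ):
        ok, reason, ips = validate_webhook_destination(candidate, demo_resolver)
        print(f"{'ALLOW' if ok else 'DENY '} {candidate}  ({reason})")
```

Run the check when a webhook is saved and again immediately before each delivery, and have the HTTP client either connect to the address that was just validated or re-run the check on every redirect hop; a check performed only at save time can be defeated by a hostname whose records change afterwards or by a redirect to an internal address. Independently of destination validation, restrict which roles can read webhook logs, since the advisory notes that log access is what turns a blind request into a partial response disclosure.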

Added: Sep 3, 2025, 10:22 AM
Updated: Sep 3, 2025, 10:22 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 3.1
exploitability: 5.0
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.