Mautic Secret Data Extraction Vulnerability for Administrators

Vulnerability

A vulnerability exists in Mautic versions from 4.4.0 up to (but not including) 4.4.17, 5.0.0-alpha through 5.2.8, and 6.0.0-alpha through 6.0.5. It allows administrators to modify application configurations and access sensitive information, such as database credentials, that is typically restricted.

Impact

Exploitation of this vulnerability enables unauthorized disclosure of confidential data, including database credentials, to administrators who would not normally have access to such information.

Remediation

Users can upgrade to Mautic versions 4.4.17, 5.2.8, or 6.0.5 to address this vulnerability.

Added: Sep 3, 2025, 2:18 PM
Updated: Sep 3, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.