mautic/core Security Advisories for 5.2.0 (8)
- [MEDIUM] Mautic has an Open Redirect vulnerability on user unlock path.
PKSA-q26v-9dpb-k2fj CVE-2025-5256 GHSA-6vx9-9r2g-8373
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=1.0.0,<4.4.16
Reported by: GitHub
- [MEDIUM] Mautic segment cloning doesn't have a proper permission check
PKSA-t9vw-npky-6xmt CVE-2024-47055 GHSA-vph5-ghq3-q782
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6
Reported by: GitHub
- [MEDIUM] Mautic allows user name enumeration due to response time difference on password reset form
PKSA-s7ys-knkq-xqw6 CVE-2024-47057 GHSA-424x-cxvh-wq9p
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=1.0.0,<4.4.16
Reported by: GitHub
- [MEDIUM] Mautic does not shield .env files from web traffic
PKSA-x5tz-t44g-gk96 CVE-2024-47056 GHSA-h2wg-v8wg-jhxh
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=4.4.0,<4.4.16
Reported by: GitHub
- [MEDIUM] Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure
PKSA-x59g-t3yz-wmhz CVE-2025-5257 GHSA-cqx4-9vqf-q3m8
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=4.0.0,<4.4.16
Reported by: GitHub
- [MEDIUM] Mautic allows Relative Path Traversal in assets file upload
PKSA-r9y9-cx91-ppbj CVE-2022-25773 GHSA-4w2w-36vm-c8hf
Affected version: <5.2.3
Reported by: GitHub
- [HIGH] Mautic allows Improper Authorization in Reporting API
PKSA-d6g7-gn2x-xxxs CVE-2024-47053 GHSA-8xv7-g2q3-fqgc
Affected version: >=1.0.1,<5.2.3
Reported by: GitHub
- [CRITICAL] Mautic allows Remote Code Execution and File Deletion in Asset Uploads
PKSA-r8cy-ghyg-685v CVE-2024-47051 GHSA-73gx-x7r9-77x2
Affected version: <5.2.3
Reported by: GitHub