mautic/core Security Advisories for 6.0.0-beta2 (5)
-
[MEDIUM] Mautic has an Open Redirect vulnerability on user unlock path.
PKSA-q26v-9dpb-k2fj CVE-2025-5256 GHSA-6vx9-9r2g-8373
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=1.0.0,<4.4.16
Reported by:
GitHub -
[MEDIUM] Mautic segment cloning doesn't have a proper permission check
PKSA-t9vw-npky-6xmt CVE-2024-47055 GHSA-vph5-ghq3-q782
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6
Reported by:
GitHub -
[MEDIUM] Mautic allows user name enumeration due to response time difference on password reset form
PKSA-s7ys-knkq-xqw6 CVE-2024-47057 GHSA-424x-cxvh-wq9p
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=1.0.0,<4.4.16
Reported by:
GitHub -
[MEDIUM] Mautic does not shield .env files from web traffic
PKSA-x5tz-t44g-gk96 CVE-2024-47056 GHSA-h2wg-v8wg-jhxh
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=4.4.0,<4.4.16
Reported by:
GitHub -
[MEDIUM] Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure
PKSA-x59g-t3yz-wmhz CVE-2025-5257 GHSA-cqx4-9vqf-q3m8
Affected version: >=6.0.0-alpha,<6.0.2|>=5.0.0-alpha,<5.2.6|>=4.0.0,<4.4.16
Reported by:
GitHub