mautic/core Security Advisories for 5.2.6 (4)
- [MEDIUM] Mautic Vulnerable to User Enumeration via Response Timing
  PKSA-f1xn-2dhr-qrdb CVE-2025-9824 GHSA-3ggv-qwcp-j6xg
  Affected version: >=6.0.0-alpha,<6.0.5|>=5.0.0-alpha,<5.2.8|>=4.4.0,<4.4.17
  Reported by: GitHub
- [MEDIUM] Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
  PKSA-vhyd-4d5p-sjmg CVE-2025-9823 GHSA-9v8p-m85m-f7mm
  Affected version: >=6.0.0-alpha,<6.0.5|>=5.0.0-alpha,<5.2.8|>=4.4.0,<4.4.17
  Reported by: GitHub
- [MEDIUM] Mautic vulnerable to secret data extraction via elfinder
  PKSA-bn7t-4gr8-g6ns CVE-2025-9822 GHSA-438m-6mhw-hq5w
  Affected version: >=6.0.0-alpha,<6.0.5|>=5.0.0-alpha,<5.2.8|>=4.4.0,<4.4.17
  Reported by: GitHub
- [LOW] Mautic vulnerable to SSRF via webhook function
  PKSA-1vkq-hh1n-xfrh CVE-2025-9821 GHSA-hj6f-7hp7-xg69
  Affected version: >=6.0.0-alpha,<6.0.5|>=5.0.0-alpha,<5.2.8|>=4.4.0,<4.4.17
  Reported by: GitHub