CVE-2022-25769

low-risk

Published 2024-09-18

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

LOCAL / HIGH complexity

Affected Products (1)

Mautic

Affected Vendors

Acquia

References (2)

Vendor Advisory https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56

Release Notes https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal