CVE-2022-25770

moderate-risk

Published 2024-09-18

Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.

Do I need to act?

0.30% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / HIGH complexity

Affected Products (8)

Mautic

Affected Vendors

Acquia

References (1)

Vendor Advisory https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate