Secret data extraction via elfinder_CVE-2025-9822

5.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Description

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.

ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.

Basic Information

ID CVE-2025-9822

Source Mautic

Published Sep 3, 2025 at 13:55

Modified Sep 3, 2025 at 14:09

Affected Product

Vendor Mautic

Product Mautic

Version >= 4.4.0

Affected Versions Mautic Mautic >= 4.4.0
Mautic Mautic >= 5.0.0-alpha
Mautic Mautic >= 6.0.0-alpha

CWE Classification

CWE-283

References

github.com /mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w

{
    "lastseen": "",
    "description": "SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.\n\nImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.",
    "published": "2025-09-03T13:55:12.870Z",
    "modified": "2025-09-03T14:09:46.199Z",
    "type": "cve",
    "title": "Secret data extraction via elfinder",
    "source": "Mautic",
    "references": "https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w",
    "id": "CVE-2025-9822",
    "bulletinFamily": "",
    "cwe": [
        "CWE-283"
    ],
    "cvelist": null,
    "sourceData": "Mautic Mautic >= 4.4.0\nMautic Mautic >= 5.0.0-alpha\nMautic Mautic >= 6.0.0-alpha",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mautic",
    "version": ">= 4.4.0",
    "vendor": "Mautic",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}