CVE-2025-9821: Mautic vulnerable to SSRF via webhook function
Users with permission to manage webhooks can make the Mautic server issue HTTP requests to destinations of their choosing (server-side request forgery, SSRF). If the same user also has permission to view the webhook logs, part of the response to that request is disclosed to them as well, turning a blind SSRF into one that leaks data from internal services.
References
- github.com/advisories/GHSA-hj6f-7hp7-xg69
- github.com/mautic/mautic
- github.com/mautic/mautic/commit/6084f6de4c88d1aeb5f6c73ea4fe1b09c98ea52b
- github.com/mautic/mautic/commit/dc5bb1466c9a48fd34768dc8ff5888716b2916ba
- github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69
- nvd.nist.gov/vuln/detail/CVE-2025-9821