Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. mautic/core
  4. ›
  5. CVE-2025-9821

CVE-2025-9821: Mautic vulnerable to SSRF via webhook function

September 3, 2025

Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed

References

  • github.com/advisories/GHSA-hj6f-7hp7-xg69
  • github.com/mautic/mautic
  • github.com/mautic/mautic/commit/6084f6de4c88d1aeb5f6c73ea4fe1b09c98ea52b
  • github.com/mautic/mautic/commit/dc5bb1466c9a48fd34768dc8ff5888716b2916ba
  • github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69
  • nvd.nist.gov/vuln/detail/CVE-2025-9821

Code Behaviors & Features

Detect and mitigate CVE-2025-9821 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 4.4.0 before 4.4.17, all versions starting from 5.0.0-alpha before 5.2.8, all versions starting from 6.0.0-alpha before 6.0.5

Fixed versions

  • 4.4.17
  • 5.2.8
  • 6.0.5

Solution

Upgrade to versions 4.4.17, 5.2.8, 6.0.5 or above.

Impact 2.7 LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Learn more about CVSS

Weakness

  • CWE-918: Server-Side Request Forgery (SSRF)

Source file

packagist/mautic/core/CVE-2025-9821.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Thu, 04 Sep 2025 12:19:21 +0000.