CVE-2025-9822: Mautic vulnerable to secret data extraction via elfinder
A user with administrator rights can change the configuration of the Mautic application and, through the elFinder file manager it ships with, extract secrets that are not normally available to them.
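The advisory does not describe which configuration setting is involved, so the following is an added illustration of the generic defense for the bug class the title names, not code from Mautic or from the fix commits: when a file manager's root directory comes from admin-editable configuration, the value must be resolved (symlinks included) and checked against an allowlist before the file manager is rooted there. Every name in it (unsafe_root, safe_root, the media/ and config/ layout, the local.php contents) is hypothetical, and the secret it contains is constructed for the demonstration.

```python
"""Added illustration (not Mautic code): confine an admin-configurable file-manager root.

The advisory says an administrator can change Mautic's configuration and read
secrets through elFinder. The mechanism is not described there; this example
shows the generic defense for that bug class: an admin-editable directory
setting must be resolved (symlinks included) and checked against an allowlist
before a file manager is rooted at it. All names below are hypothetical.
"""
import os
import tempfile
from pathlib import Path


def unsafe_root(configured_root: str) -> Path:
    """Weak pattern: trust the configured path as-is."""
    return Path(configured_root)


def safe_root(configured_root: str, allowed_bases) -> Path:
    """Hardened pattern: resolve the path and require it to sit inside an allowed base.

    os.path.realpath follows symlinks, so a link inside the media directory that
    points at the config directory is rejected as well.
    """
    resolved = Path(os.path.realpath(configured_root))
    for base in allowed_bases:
        base_resolved = Path(os.path.realpath(base))
        if resolved == base_resolved or base_resolved in resolved.parents:
            return resolved
    raise ValueError(f"file manager root {configured_root!r} is outside the allowed directories")


def can_read_secret(root: Path, relative: str) -> bool:
    """Simulate the file manager: read a file relative to the root it was given."""
    target = root / relative
    return target.is_file() and "CONSTRUCTED_SECRET" in target.read_text()


def run_demo() -> dict:
    """Build a constructed app layout in a temp dir and compare both patterns."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        media = app / "media"
        config = app / "config"
        media.mkdir()
        config.mkdir()
        # Constructed stand-in for a config file holding credentials.
        (config / "local.php").write_text(
            "<?php $parameters = ['db_password' => 'CONSTRUCTED_SECRET'];"
        )
        # Symlink inside the allowed tree that escapes to the config directory.
        (media / "escape").symlink_to(config, target_is_directory=True)
        allowed = [media]

        results = {}
        # Weak pattern: an admin who points the root at config/ can read the secret.
        results["unsafe_reaches_config"] = can_read_secret(unsafe_root(str(config)), "local.php")
        # Hardened pattern: the same setting is refused.
        try:
            safe_root(str(config), allowed)
            results["safe_rejects_config"] = False
        except ValueError:
            results["safe_rejects_config"] = True
        # Hardened pattern: a symlink under media/ that resolves to config/ is refused too.
        try:
            safe_root(str(media / "escape"), allowed)
            results["safe_rejects_symlink"] = False
        except ValueError:
            results["safe_rejects_symlink"] = True
        # Hardened pattern: the legitimate media directory still works.
        results["safe_accepts_media"] = safe_root(str(media), allowed) == Path(os.path.realpath(media))
        return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The check compares resolved paths rather than string prefixes, which is what makes the symlink case fail closed; a prefix comparison on the unresolved string would have accepted media/escape.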
References
- github.com/advisories/GHSA-438m-6mhw-hq5w
- github.com/mautic/mautic
- github.com/mautic/mautic/commit/882c2c5be646e36f7b91e7c4b24f71aafa617cd5
- github.com/mautic/mautic/commit/a310b1933de7cfefec03382a4d8c0d9dbbaa0600
- github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w
- nvd.nist.gov/vuln/detail/CVE-2025-9822
Detect and mitigate CVE-2025-9822 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.