
Mautic — Vulnerabilities & Security Advisories (40)

Browse all 40 CVE security advisories affecting Mautic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mautic is an open-source marketing automation platform designed to manage customer relationships through email campaigns, lead scoring, and personalized interactions. Its architecture, primarily built on PHP and Symfony, has historically exposed it to a significant volume of security flaws, currently totaling forty recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper access controls. Privilege escalation issues have also been documented, allowing lower-privileged users to gain administrative access. While the project maintains an active security response team that regularly patches these issues, the sheer number of disclosed CVEs highlights the risks associated with complex, community-driven codebases. Users must prioritize timely updates and strict configuration hardening to mitigate these persistent threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3105 | SQL Injection in Contact Activity API Sorting | Mautic | CWE-89 | 7.6 | High | 2026-02-24 |
| CVE-2025-13828 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages | Mautic | CWE-862 | 7.8 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-13827 | GrapesJsBuilder File Upload allows all file uploads | Mautic | CWE-434 | 9.8 (AI) | Critical (AI) | 2025-12-02 |
| CVE-2025-9823 | Reflected XSS in lead:addLeadTags - Quick Add | Mautic | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-09-03 |
| CVE-2025-9824 | User Enumeration via Response Timing | Mautic | CWE-204 | 5.9 | Medium | 2025-09-03 |
| CVE-2025-9822 | Secret data extraction via elfinder | Mautic | CWE-283 | 5.5 | Medium | 2025-09-03 |
| CVE-2025-9821 | SSRF via webhook function | Mautic | CWE-918 | 2.7 | Low | 2025-09-03 |
| CVE-2025-7381 | Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images | Docker Mautic | CWE-497 | 5.3 | Medium | 2025-07-09 |
| CVE-2025-5256 | Open Redirect vulnerability on user unlock path | Mautic | CWE-601 | 5.4 | Medium | 2025-05-28 |
| CVE-2024-47055 | Segment cloning doesn't have a proper permission check | Mautic | CWE-862 | 4.3 | Medium | 2025-05-28 |
| CVE-2024-47057 | User name enumeration possible due to response time difference on password reset form | Mautic | CWE-203 | 5.3 | Medium | 2025-05-28 |
| CVE-2024-47056 | Mautic does not shield .env files from web traffic | Mautic | CWE-312 | 5.1 | Medium | 2025-05-28 |
| CVE-2025-5257 | Predictable Page Indexing Might Lead to Sensitive Data Exposure | Mautic | CWE-1284 | 6.5 | Medium | 2025-05-28 |
| CVE-2024-47051 | Remote Code Execution & File Deletion in Asset Uploads | mautic/core | CWE-23 | 9.1 | Critical | 2025-02-26 |
| CVE-2024-47053 | Improper Authorization in Reporting API | mautic/core | CWE-285 | 7.7 | High | 2025-02-26 |
| CVE-2022-25773 | Relative Path Traversal in assets file upload | mautic/core | CWE-22 | 4.3 | Medium | 2025-02-26 |
| CVE-2022-25770 | Insufficient authentication in upgrade flow | Mautic | CWE-306 | 7.8 | High | 2024-09-18 |
| CVE-2024-47059 | Users enumeration - weak password login | Mautic | CWE-200 | 4.3 | Medium | 2024-09-18 |
| CVE-2021-27917 | XSS in contact tracking and page hits report | Mautic | CWE-79 | 7.3 | High | 2024-09-18 |
| CVE-2024-47050 | XSS in contact/company tracking (no authentication) | Mautic | CWE-79 | 5.4 | Medium | 2024-09-18 |
| CVE-2024-47058 | Cross-site Scripting (XSS) - stored (edit form HTML field) | Mautic | CWE-79 | 2.9 | Low | 2024-09-18 |
| CVE-2022-25768 | Improper Access Control in UI upgrade process | Mautic | CWE-287 | 7.0 | High | 2024-09-18 |
| CVE-2022-25777 | Server-Side Request Forgery in Asset section | Mautic | CWE-918 | 6.5 | Medium | 2024-09-18 |
| CVE-2022-25776 | Sensitive Data Exposure due to inadequate user permission settings | Mautic | CWE-276 | 8.3 | High | 2024-09-18 |
| CVE-2022-25775 | SQL Injection in dynamic Reports | Mautic | CWE-89 | 6.6 | Medium | 2024-09-18 |
| CVE-2022-25774 | XSS in Notifications via saving Dashboards | Mautic | CWE-79 | 4.8 | Medium | 2024-09-18 |
| CVE-2022-25769 | Improper regex in htaccess file | Mautic | CWE-1284 | 7.2 | High | 2024-09-18 |
| CVE-2021-27916 | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) | Mautic | CWE-22 | 8.1 | High | 2024-09-17 |
| CVE-2021-27915 | XSS Cross-site Scripting Stored (XSS) - Description field | Mautic | CWE-80 | 7.6 | High | 2024-09-17 |
| CVE-2024-3448 | Improper Access Control Leads to Server-Side Request Forgery in Mautic | Mautic | CWE-918 | 5.0 | Medium | 2024-04-10 |

Values marked (AI) are the ones the listing tags with its AI badge rather than an official score.

This page lists every published CVE security advisory associated with Mautic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.