Platform: php
Component: mautic/core
Fixed in: 4.4.18, 5.2.9, 6.0.6, 4.4.17
CVE-2025-9821 describes a Server-Side Request Forgery (SSRF) vulnerability present in Mautic Core versions up to 4.4.9. This flaw allows authenticated users with webhook permissions to craft malicious requests, potentially bypassing firewall restrictions and accessing internal services. The vulnerability also exposes partial webhook response data, increasing the risk of information disclosure.
The primary impact of CVE-2025-9821 is that an attacker can bypass firewall protections and interact with internal services that are normally unreachable from the outside. This could involve accessing sensitive data, executing commands on internal systems, or even pivoting to other internal networks. The partial disclosure of webhook response data compounds the risk, since it can reveal sensitive information contained in those responses. The issue falls under the SSRF category of the OWASP Top 10 and follows the usual SSRF pattern, in which the vulnerable server is used as a proxy to reach its own internal network.
CVE-2025-9821 was publicly disclosed on September 3, 2025. The CVSS score is LOW (2.7), suggesting a relatively low probability of exploitation under normal circumstances. No public proof-of-concept (PoC) code has been released at the time of writing, but the SSRF nature of the vulnerability means that exploitation is likely possible with moderate effort. It is not currently listed on the CISA KEV catalog.
Organizations using Mautic Core for marketing automation, particularly those with internal services accessible via webhooks, are at risk. Environments with overly permissive webhook configurations or shared hosting setups where multiple users share webhook access are especially vulnerable.
• php / server:
find /var/www/mautic/ -name 'WebhookController.php' -print0 | xargs -0 grep -i 'request->uri'
• generic web:
curl -I http://your-mautic-instance/webhooks/send | grep -i 'server:'
EPSS: 0.03% (9th percentile)
The recommended mitigation for CVE-2025-9821 is to immediately upgrade Mautic Core to version 4.4.17 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting webhook destinations to a whitelist of trusted URLs. Additionally, carefully review and restrict user permissions related to webhooks, ensuring only authorized users have access. Monitoring webhook activity for unusual or unexpected destinations can also help detect potential exploitation attempts. After upgrading, verify the fix by attempting to send a webhook request to an internal service and confirming that the request is blocked.
Update Mautic to version 4.4.17, 5.2.8 or 6.0.5 or later, depending on your release branch. This fixes the SSRF vulnerability by correctly validating webhook destinations. Make sure to review the release notes for additional changes that could affect your configuration.
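The workaround described above (restricting webhook destinations to an allowlist of trusted URLs) as an added example; this is not Mautic's own code. It assumes a constructed allowlist of two partner hosts and an injectable resolver so the check can run offline; the real check resolves the name and rejects any destination that maps to a loopback, private or link-local address, which is the SSRF case the advisory describes.

```python
"""Allowlist validator for outbound webhook destinations (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}
# Constructed allowlist of partner hosts; replace with your own.
ALLOWED_HOSTS = {"hooks.example-partner.com", "api.crm.example.org"}


def resolve_default(host):
    """Return every address the system resolver gives for host (v4 and v6)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_webhook_destination(url, resolve=resolve_default):
    """Return (ok, reason). ok is True only if every check passes."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username or parts.password:
        return False, "credentials embedded in the URL are not allowed"
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist: %r" % host
    try:
        port = parts.port if parts.port is not None else 443
    except ValueError:
        return False, "malformed port"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    # Resolve before sending: an allowlisted name must not point inward.
    try:
        addrs = resolve(host)
    except (socket.gaierror, OSError) as exc:
        return False, "resolution failed: %s" % exc
    if not addrs:
        return False, "no address for host"
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False, "unparseable address %r" % addr
        # is_global is False for loopback, RFC 1918, link-local, CGNAT, ...
        if not ip.is_global:
            return False, "host resolves to non-public address %s" % ip
    # The caller should connect to the address checked here rather than
    # re-resolving, so the name cannot change between check and request.
    return True, "ok"
```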
CVE-2025-9821 is a Server-Side Request Forgery vulnerability in Mautic Core versions up to 4.4.9, allowing attackers to bypass firewalls and potentially access internal services.
You are affected if you are running Mautic Core version 4.4.9 or earlier. Upgrade to version 4.4.17 or later to mitigate the risk.
Upgrade Mautic Core to version 4.4.17 or later. As a temporary workaround, restrict webhook destinations to a whitelist of trusted URLs.
There is no confirmed active exploitation of CVE-2025-9821 at this time, but the SSRF nature of the vulnerability suggests potential for exploitation.
Refer to the Mautic security advisories page for the latest information and official announcements regarding CVE-2025-9821.