Platform
php
Component
mautic/core
Fixed in
4.4.18
5.2.9
6.0.6
4.4.17
CVE-2025-9821 describes a Server-Side Request Forgery (SSRF) vulnerability present in Mautic Core versions up to 4.4.9. This flaw allows authenticated users with webhook permissions to craft malicious requests, potentially bypassing firewall restrictions and accessing internal services. The vulnerability also exposes partial webhook response data, increasing the risk of information disclosure.
The primary impact of CVE-2025-9821 is the ability for an attacker to bypass firewall protections and interact with internal services that are normally inaccessible from the outside. This could involve accessing sensitive data, executing commands on internal systems, or even pivoting to other internal networks. The partial disclosure of webhook response data further compounds the risk, potentially revealing sensitive information contained within those responses. This SSRF vulnerability aligns with the OWASP Top 10 risks and shares similarities with other SSRF exploits where attackers leverage internal network access.
CVE-2025-9821 was publicly disclosed on September 3, 2025. The CVSS score is LOW (2.7), suggesting a relatively low probability of exploitation under normal circumstances. No public proof-of-concept (PoC) code has been released at the time of writing, but the SSRF nature of the vulnerability means that exploitation is likely possible with moderate effort. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.03% (9% percentile)
CISA SSVC
CVSS Vector
The recommended mitigation for CVE-2025-9821 is to immediately upgrade Mautic Core to version 4.4.17 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting webhook destinations to a whitelist of trusted URLs. Additionally, carefully review and restrict user permissions related to webhooks, ensuring only authorized users have access. Monitoring webhook activity for unusual or unexpected destinations can also help detect potential exploitation attempts. After upgrading, verify the fix by attempting to send a webhook request to an internal service and confirming that the request is blocked.
Update Mautic to version 4.4.17, 5.2.8, or 6.0.5, or later, as appropriate for your version branch. This will correct the SSRF vulnerability by properly validating webhook destinations. Ensure you review the release notes for any additional changes that may affect your configuration.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-9821 is a Server-Side Request Forgery vulnerability in Mautic Core versions up to 4.4.9, allowing attackers to bypass firewalls and potentially access internal services.
You are affected if you are running Mautic Core version 4.4.9 or earlier. Upgrade to version 4.4.17 or later to mitigate the risk.
Upgrade Mautic Core to version 4.4.17 or later. As a temporary workaround, restrict webhook destinations to a whitelist of trusted URLs.
There is no confirmed active exploitation of CVE-2025-9821 at this time, but the SSRF nature of the vulnerability suggests potential for exploitation.
Refer to the Mautic security advisories page for the latest information and official announcements regarding CVE-2025-9821.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.