{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9821", "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "state": "PUBLISHED", "assignerShortName": "Mautic", "dateReserved": "2025-09-02T08:22:33.758Z", "datePublished": "2025-09-03T09:39:01.005Z", "dateUpdated": "2025-09-03T14:12:35.814Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://packagist.org", "defaultStatus": "unaffected", "packageName": "mautic/core", "product": "Mautic", "repo": "https://github.com/mautic/mautic", "vendor": "Mautic", "versions": [{"lessThanOrEqual": "< 4.4.17", "status": "affected", "version": ">= 4.4.0", "versionType": "semver"}, {"lessThanOrEqual": "< 5.2.8", "status": "affected", "version": ">= 5.0.0-alpha", "versionType": "semver"}, {"lessThanOrEqual": "< 6.0.5", "status": "affected", "version": ">= 6.0.0-alpha", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "asesidaa"}, {"lang": "en", "type": "reporter", "value": "lukehebe"}, {"lang": "en", "type": "remediation developer", "value": "patrykgruszka"}, {"lang": "en", "type": "remediation reviewer", "value": "kuzmany"}], "datePublic": "2025-09-03T08:56:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<h3>Summary</h3><p>Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed</p><h3>Details</h3><p>When sending webhooks, the destination is not validated, causing SSRF.<br></p><h3>Impact</h3><p>Bypass of firewalls to interact with internal services.<br>See <a target=\"_blank\" rel=\"nofollow\" href=\"https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/\">https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/</a>&nbsp;for more potential impact.</p><h3>Resources</h3><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html\">https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html</a>&nbsp;for more information on SSRF and its fix.</p><br>"}], "value": "SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed\n\nDetailsWhen sending webhooks, the destination is not validated, causing SSRF.\n\n\nImpactBypass of firewalls to interact with internal services.\nSee https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ \u00a0for more potential impact.\n\nResources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html \u00a0for more information on SSRF and its fix."}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "shortName": "Mautic", "dateUpdated": "2025-09-03T09:39:01.005Z"}, "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69"}], "source": {"advisory": "GHSA-hj6f-7hp7-xg69", "discovery": "UNKNOWN"}, "title": "SSRF via webhook function", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-03T14:07:29.437694Z", "id": "CVE-2025-9821", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T14:12:35.814Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9821", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-03T14:07:29.437694Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T14:08:18.907Z"}}], "cna": {"title": "SSRF via webhook function", "source": {"advisory": "GHSA-hj6f-7hp7-xg69", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "asesidaa"}, {"lang": "en", "type": "reporter", "value": "lukehebe"}, {"lang": "en", "type": "remediation developer", "value": "patrykgruszka"}, {"lang": "en", "type": "remediation reviewer", "value": "kuzmany"}], "impacts": [{"capecId": "CAPEC-664", "descriptions": [{"lang": "en", "value": "CAPEC-664 Server Side Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/mautic/mautic", "vendor": "Mautic", "product": "Mautic", "versions": [{"status": "affected", "version": ">= 4.4.0", "versionType": "semver", "lessThanOrEqual": "< 4.4.17"}, {"status": "affected", "version": ">= 5.0.0-alpha", "versionType": "semver", "lessThanOrEqual": "< 5.2.8"}, {"status": "affected", "version": ">= 6.0.0-alpha", "versionType": "semver", "lessThanOrEqual": "< 6.0.5"}], "packageName": "mautic/core", "collectionURL": "https://packagist.org", "defaultStatus": "unaffected"}], "datePublic": "2025-09-03T08:56:00.000Z", "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed\n\nDetailsWhen sending webhooks, the destination is not validated, causing SSRF.\n\n\nImpactBypass of firewalls to interact with internal services.\nSee https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ \u00a0for more potential impact.\n\nResources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html \u00a0for more information on SSRF and its fix.", "supportingMedia": [{"type": "text/html", "value": "<h3>Summary</h3><p>Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed</p><h3>Details</h3><p>When sending webhooks, the destination is not validated, causing SSRF.<br></p><h3>Impact</h3><p>Bypass of firewalls to interact with internal services.<br>See <a target=\"_blank\" rel=\"nofollow\" href=\"https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/\">https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/</a>&nbsp;for more potential impact.</p><h3>Resources</h3><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html\">https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html</a>&nbsp;for more information on SSRF and its fix.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "shortName": "Mautic", "dateUpdated": "2025-09-03T09:39:01.005Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9821", "state": "PUBLISHED", "dateUpdated": "2025-09-03T14:12:35.814Z", "dateReserved": "2025-09-02T08:22:33.758Z", "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "datePublished": "2025-09-03T09:39:01.005Z", "assignerShortName": "Mautic"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed\n\nDetailsWhen sending webhooks, the destination is not validated, causing SSRF.\n\n\nImpactBypass of firewalls to interact with internal services.\nSee https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ \u00a0for more potential impact.\n\nResources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html \u00a0for more information on SSRF and its fix."}], "id": "CVE-2025-9821", "lastModified": "2025-09-04T15:36:56.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "security@mautic.org", "type": "Secondary"}]}, "published": "2025-09-03T10:15:38.133", "references": [{"source": "security@mautic.org", "url": "https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69"}], "sourceIdentifier": "security@mautic.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@mautic.org", "type": "Secondary"}]}

{}