CVE-2025-9822 MEDIUM

CVE-2025-9822: Secret data extraction via elfinder

Vendor Mautic
Product Mautic
Weakness CWE-283
Published September 3, 2025
Last update September 3, 2025

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

Summary: A user with administrator rights can change the configuration of the Mautic application and extract secrets that are not normally available.

Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.

Key dates

02 Disclosure timeline

September 3, 2025 CVE published
September 3, 2025 Record updated
