7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25768

GHSA ID

GHSA-x3jx-5w6m-q2fc

EPSS Score

0.37607%

CWE

CWE-284

Published

9/18/2024

Updated

2/28/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-25768

CVE-2022-25768: Mautic vulnerable to Improper Access Control in UI upgrade process

Impact

The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.

Patches

Upgrade to 4.4.13 or 5.1.1 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

(GitHub Advisory)

7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25768

GHSA ID

GHSA-x3jx-5w6m-q2fc

EPSS Score

0.37607%

CWE

CWE-284

Published

9/18/2024

Updated

2/28/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mautic/core-lib	composer	>= 1.1.3, < 4.4.13	4.4.13
mautic/core-lib	composer	>= 5.0.0-alpha, < 5.1.1	5.1.1
mautic/core	composer	>= 1.1.3, < 4.4.13	4.4.13
mautic/core	composer	>= 5.0.0-alpha, < 5.1.1	5.1.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from code removed in the SecurityController.php's loginAction method, as shown in the commit diff. This code checked for a 'mautic_update' cookie and forwarded requests to upgrade-related AjaxController methods without verifying permissions. The removal of this code in the patch indicates it was the primary vector for unauthorized access to the deprecated UI upgrade process. While the AjaxController methods (updateDatabaseMigration/updateFinalization) were the targets, the root cause was the lack of access control in the loginAction handler that triggered them.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** lo*i* in pl*** to ***ilit*t* t** up**t* pro**ss vi* t** us*r int*r**** l**ks ****ss *ontrol to v*ri*y i* p*rmission *xists to p*r*orm t** t*sks. Prior to t*is p*t** **in* *ppli** it mi**t ** possi*l* *or *n *tt**k*r to ****ss t** M*uti

Reasoning

T** vuln*r**ility st*ms *rom *o** r*mov** in t** S**urity*ontroll*r.p*p's lo*in**tion m*t*o*, *s s*own in t** *ommit *i**. T*is *o** ****k** *or * 'm*uti*_up**t*' *ooki* *n* *orw*r*** r*qu*sts to up*r***-r*l*t** *j*x*ontroll*r m*t*o*s wit*out v*ri*yi

7

Basic Information

Concerned about an active attack path?

CVE-2022-25768: Mautic vulnerable to Improper Access Control in UI upgrade process

Impact

Patches

Workarounds

For more information

7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI