7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25770

GHSA ID

GHSA-qf6m-6m4g-rmrc

EPSS Score

0.30919%

CWE

CWE-306

Published

9/18/2024

Updated

2/21/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-25770

CVE-2022-25770: Mautic has insufficient authentication in upgrade flow

Impact

Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable

Patches

Please upgrade to 4.4.1 or 5.1.1 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-25770

GHSA ID

GHSA-qf6m-6m4g-rmrc

EPSS Score

0.30919%

CWE

CWE-306

Published

9/18/2024

Updated

2/21/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mautic/core	composer	>= 1.0.0-beta3, < 4.4.13	4.4.13
mautic/core	composer	>= 5.0.0-alpha, < 5.1.1	5.1.1
mautic/core-lib	composer	>= 1.0.0-beta3, < 4.4.13	4.4.13
mautic/core-lib	composer	>= 5.0.0-alpha, < 5.1.1	5.1.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from upgrade.php being accessible in the web root without authentication. This file contained critical upgrade functions that: 1) Perform file system operations (move_mautic_* functions) 2) Modify system components 3) Clear application cache. The commit fixes this by removing upgrade.php from web-accessible locations and moving it to protected scaffolding directories. The CWE-306 mapping confirms these functions lacked required authentication for critical upgrade operations. The patch's removal of web-root access to upgrade.php and modification of build scripts to use protected paths directly addresses the authentication bypass vulnerability in these functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t M*uti* *llows you to up**t* t** *ppli**tion vi* *n up*r*** s*ript. T** up*r*** lo*i* isn't s*i*l*** o** *orr**tly, w*i** m*y l*** to vuln*r**l* situ*tion. T*is vuln*r**ility is miti**t** *y t** ***t t**t M*uti* n***s to ** inst*ll** in

Reasoning

T** vuln*r**ility st*ms *rom up*r***.p*p **in* ****ssi*l* in t** w** root wit*out *ut**nti**tion. T*is *il* *ont*in** *riti**l up*r*** *un*tions t**t: *) P*r*orm *il* syst*m op*r*tions (mov*_m*uti*_* *un*tions) *) Mo*i*y syst*m *ompon*nts *) *l**r *p

7.8

Basic Information

Concerned about an active attack path?

CVE-2022-25770: Mautic has insufficient authentication in upgrade flow

Impact

Patches

Workarounds

For more information

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI