CVE-2025-9821
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2025-09-04

Assigner: Mautic

Description
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ Β for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html Β for more information on SSRF and its fix.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2025-09-04
Generated
2026-05-07
AI Q&A
2025-09-03
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9821
EUVD
EUVD-2025-26495
Affected Vendors & Products
Showing 86 associated CPEs
Vendor Product Version / Range
mautic mautic 5.1.15
mautic mautic 5.1.45
mautic mautic 5.0.16-alpha
mautic mautic 5.1.9
mautic mautic 4.4.15
mautic mautic 5.0.7-alpha
mautic mautic 4.4.6
mautic mautic 5.1.48
mautic mautic 4.4.2
mautic mautic 5.1.50
mautic mautic 5.1.42
mautic mautic 5.0.3-alpha
mautic mautic 5.1.4
mautic mautic 5.1.23
mautic mautic 4.4.16
mautic mautic 5.1.17
mautic mautic 5.1.40
mautic mautic 5.1.5
mautic mautic 5.0.8-alpha
mautic mautic 5.0.2-alpha
mautic mautic 5.1.43
mautic mautic 5.1.22
mautic mautic 5.1.33
mautic mautic 5.1.8
mautic mautic 5.1.3
mautic mautic 4.4.13
mautic mautic 5.0.0-alpha
mautic mautic 5.1.1
mautic mautic 4.4.7
mautic mautic 4.4.4
mautic mautic 4.4.10
mautic mautic 5.1.6
mautic mautic 5.1.10
mautic mautic 5.1.36
mautic mautic 5.1.39
mautic mautic 5.0.12-alpha
mautic mautic 5.1.12
mautic mautic 5.1.20
mautic mautic 5.1.38
mautic mautic 5.0.9-alpha
mautic mautic 5.1.28
mautic mautic 4.4.9
mautic mautic 5.1.7
mautic mautic 5.1.13
mautic mautic 5.1.30
mautic mautic 4.4.12
mautic mautic 5.0.4-alpha
mautic mautic 5.1.25
mautic mautic 4.4.0
mautic mautic 5.1.2
mautic mautic 5.1.19
mautic mautic 4.4.11
mautic mautic 4.4.8
mautic mautic 5.1.34
mautic mautic 5.1.41
mautic mautic 5.1.27
mautic mautic 5.1.37
mautic mautic 5.0.15-alpha
mautic mautic 5.1.24
mautic mautic 5.1.31
mautic mautic 5.0.14-alpha
mautic mautic 5.0.6-alpha
mautic mautic 5.0.1-alpha
mautic mautic 5.1.26
mautic mautic 5.1.11
mautic mautic 5.1.21
mautic mautic 5.1.46
mautic mautic 5.1.47
mautic mautic 5.1.35
mautic mautic 4.4.1
mautic mautic 5.1.16
mautic mautic 5.1.18
mautic mautic 5.1.49
mautic mautic 5.0.11-alpha
mautic mautic 4.4.3
mautic mautic 5.1.44
mautic mautic 5.0.5-alpha
mautic mautic 4.4.5
mautic mautic 5.
mautic mautic 5.0.10-alpha
mautic mautic 5.1.0
mautic mautic 4.4.14
mautic mautic 5.1.14
mautic mautic 5.0.13-alpha
mautic mautic 5.1.32
mautic mautic 5.1.29
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-9821 is a Server-Side Request Forgery (SSRF) vulnerability in the Mautic application affecting the webhook functionality. It occurs because the webhook destination URL is not properly validated, allowing users with webhook permissions to make the server send requests to unintended internal or external destinations. If the user also has permission to view webhook logs, they can see partial responses from these requests, leading to information disclosure. [1]


How can this vulnerability impact me? :

This vulnerability can allow an attacker with webhook permissions to bypass firewalls and interact with internal services that are normally inaccessible from outside. This could expose internal network resources and potentially sensitive information. Additionally, if the attacker can view webhook logs, they may gain partial data from the responses, leading to information disclosure. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by reviewing webhook configurations and logs for unusual or unauthorized webhook destination URLs that may indicate SSRF attempts. Since the vulnerability requires webhook permissions, auditing user permissions for webhook access is also important. Network monitoring tools can be used to detect unexpected outbound requests from the application to internal services. Specific commands are not provided in the resources, but general steps include checking webhook URLs in the application and monitoring outbound HTTP requests from the server hosting Mautic. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Mautic to a patched version: 4.4.17 or later, 5.2.8 or later, or 6.0.5 or later, where the webhook destination URL validation has been implemented. Additionally, restrict webhook permissions to trusted users only, and review webhook logs for suspicious activity. Implement network-level controls to limit outbound requests from the Mautic server to only necessary destinations. Refer to OWASP SSRF prevention guidelines for further hardening. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart