CVE-2025-13828
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-02
Assigner: Mautic
Description
Description
SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.
ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mautic | mautic | 4.4.18 |
| mautic | mautic | 4.0 |
| mautic | mautic | 5.2.9 |
| mautic | mautic | 6.0.7 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a non-privileged user to install and remove arbitrary packages via composer on a composer-based installation, even if the update settings flag to enable composer-based updates is disabled. Essentially, a low-privileged user can exploit this to install malicious code.
How can this vulnerability impact me? :
The vulnerability can allow a low-privileged user to install malicious code on the platform, which can be used to escalate their privileges and potentially compromise the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70