CVE-2025-13828 (GCVE-0-2025-13828)
Vulnerability from cvelistv5 – Published: 2025-12-02 16:54 – Updated: 2025-12-02 17:12
VLAI
EPSS
VEX
Title
Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Summary
SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.
ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
Date Public
2025-12-01 15:10
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T17:11:56.937488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T17:12:20.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"status": "affected",
"version": "\u003c4.4.18, \u003c5.2.9, \u003c6.0.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jason Woods (driskell)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jason Woods (driskell)"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Jan Linhart (escopecz)"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka (patrykgruszka)"
}
],
"datePublic": "2025-12-01T15:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch2\u003eSummary\u003c/h2\u003e\u003cp\u003eA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.\u003c/p\u003e\u003ch2\u003eImpact\u003c/h2\u003e\u003cp\u003eA low-privileged user of the platform can install malicious code to obtain higher privileges.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.\n\nImpactA low-privileged user of the platform can install malicious code to obtain higher privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:54:58.898Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-3fq7-c5m8-g86x"
}
],
"source": {
"advisory": "GHSA-3fq7-c5m8-g86x",
"discovery": "EXTERNAL"
},
"title": "Mautic user without privileged access to the Marketplace can install and uninstall composer packages",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2025-13828",
"datePublished": "2025-12-02T16:54:58.898Z",
"dateReserved": "2025-12-01T15:20:25.618Z",
"dateUpdated": "2025-12-02T17:12:20.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-13828",
"date": "2026-07-13",
"epss": "0.00215",
"percentile": "0.11888"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-13828\",\"sourceIdentifier\":\"security@mautic.org\",\"published\":\"2025-12-02T17:16:04.080\",\"lastModified\":\"2026-06-17T08:34:50.433\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.\\n\\nImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.\"}],\"affected\":[{\"source\":\"security@mautic.org\",\"affectedData\":[{\"vendor\":\"Mautic\",\"product\":\"Mautic\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://packagist.org\",\"packageName\":\"mautic/core\",\"repo\":\"https://github.com/mautic/mautic\",\"versions\":[{\"version\":\"\u003c4.4.18, \u003c5.2.9, \u003c6.0.7\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@mautic.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-12-02T17:11:56.937488Z\",\"id\":\"CVE-2025-13828\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@mautic.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://github.com/mautic/mautic/security/advisories/GHSA-3fq7-c5m8-g86x\",\"source\":\"security@mautic.org\"}]}}",
"redhat_vex": {
"current_release_date": "2025-12-03T17:01:58+00:00",
"cve": "CVE-2025-13828",
"id": "CVE-2025-13828",
"initial_release_date": "2025-12-01T15:10:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Mautic user without privileged access to the Marketplace can install and uninstall composer packages",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13828.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13828\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T17:11:56.937488Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T17:12:06.655Z\"}}], \"cna\": {\"title\": \"Mautic user without privileged access to the Marketplace can install and uninstall composer packages\", \"source\": {\"advisory\": \"GHSA-3fq7-c5m8-g86x\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jason Woods (driskell)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Jason Woods (driskell)\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Jan Linhart (escopecz)\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Patryk Gruszka (patrykgruszka)\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/mautic/mautic\", \"vendor\": \"Mautic\", \"product\": \"Mautic\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c4.4.18, \u003c5.2.9, \u003c6.0.7\", \"versionType\": \"semver\"}], \"packageName\": \"mautic/core\", \"collectionURL\": \"https://packagist.org\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-12-01T15:10:00.000Z\", \"references\": [{\"url\": \"https://github.com/mautic/mautic/security/advisories/GHSA-3fq7-c5m8-g86x\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.\\n\\nImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ch2\u003eSummary\u003c/h2\u003e\u003cp\u003eA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.\u003c/p\u003e\u003ch2\u003eImpact\u003c/h2\u003e\u003cp\u003eA low-privileged user of the platform can install malicious code to obtain higher privileges.\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"4e531c38-7a33-45d3-98dd-d909c0d8852e\", \"shortName\": \"Mautic\", \"dateUpdated\": \"2025-12-02T16:54:58.898Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-13828\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-02T17:12:20.703Z\", \"dateReserved\": \"2025-12-01T15:20:25.618Z\", \"assignerOrgId\": \"4e531c38-7a33-45d3-98dd-d909c0d8852e\", \"datePublished\": \"2025-12-02T16:54:58.898Z\", \"assignerShortName\": \"Mautic\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…