How severe is CVE-2022-25769?

CVE-2022-25769 has a CVSS v3 score of 7.2 (HIGH).

CVE-2022-25769

Name: mautic
Author: acquia

7.2HIGH

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the rege

Published: 9/18/2024Updated: 2/27/2025

Description

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

AI AnalysisPowered by AI

Affected Products

acquiamautic

References

https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
Vendor Advisory
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
Release Notes