How severe is CVE-2022-25769?

CVE-2022-25769 has a CVSS v3 score of 7.2 (HIGH).

CVE-2022-25769

Name: mautic
Author: acquia

7.2HIGH

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the rege

Publicado: 9/18/2024Actualizado: 2/27/2025

Descripción

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

Análisis IAImpulsado por IA

Productos Afectados

acquiamautic

Referencias

https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
Vendor Advisory
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
Release Notes