How severe is CVE-2022-25769?

CVE-2022-25769 has a CVSS v3 score of 7.2 (HIGH).

CVE-2022-25769

Name: mautic
Author: acquia

7.2HIGH

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the rege

公開日: 9/18/2024更新日: 2/27/2025

説明

ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.

AI分析AIによる分析

影響を受ける製品

acquiamautic

参照

https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
Vendor Advisory
https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
Release Notes