{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T03:36:47.339","vulnerabilities":[{"cve":{"id":"CVE-2022-25770","sourceIdentifier":"security@mautic.org","published":"2024-09-18T22:15:03.827","lastModified":"2025-02-27T19:42:12.837","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable."},{"lang":"es","value":"Mautic permite actualizar la aplicación mediante un script de actualización. La lógica de actualización no está protegida correctamente, lo que puede generar una situación vulnerable. Esta vulnerabilidad se ve mitigada por el hecho de que Mautic debe instalarse de una determinada manera para que sea vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.1","versionEndExcluding":"4.4.13","matchCriteriaId":"496E995E-E33A-4481-83A6-38172DA11763"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.1.1","matchCriteriaId":"FC060988-1D0C-4CB2-A052-A0BCCD236381"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*","matchCriteriaId":"99718D48-5C19-41C5-84E1-52E95F012830"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"9C1C106B-1B3D-427D-8147-5527E610F569"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"F366E4D8-1515-4E5F-8551-4C8D9E00D0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*","matchCriteriaId":"B4234B41-F219-45B7-83A1-8F0F652F2A8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*","matchCriteriaId":"DA028F70-6020-47D6-BEC0-6FC0C7E18420"}]}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc","source":"security@mautic.org","tags":["Vendor Advisory"]}]}}]}