{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T17:32:16.218","vulnerabilities":[{"cve":{"id":"CVE-2025-5257","sourceIdentifier":"security@mautic.org","published":"2025-05-28T17:15:25.917","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information.\n\nUnauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable.\nMitigationMautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later."},{"lang":"es","value":"Resumen: Este aviso aborda una vulnerabilidad de seguridad en Mautic que permitía a usuarios no autenticados acceder a vistas previas de páginas no publicadas, las cuales podrían ser indexadas por motores de búsqueda. Esto podría provocar la divulgación involuntaria de borradores o información confidencial. Acceso no autorizado a vistas previas de páginas no publicadas: La función de vista previa de páginas para contenido no publicado, accesible mediante URL predecibles (p. ej., /page/preview/1, /page/preview/2), carecía de las comprobaciones de autorización adecuadas. Esto permitía a cualquier usuario no autenticado ver contenido que aún no estaba destinado a ser publicado, y permitía a los motores de búsqueda indexar estas URL de vista previa privadas, haciendo que el contenido fuera visible públicamente. Mitigación: Mautic ha corregido esta vulnerabilidad implementando las comprobaciones de permisos adecuadas en las páginas de vista previa. Los usuarios deben actualizar a la versión corregida de Mautic o una versión posterior."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1284"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8","source":"security@mautic.org"}]}}]}