{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T11:12:27.347","vulnerabilities":[{"cve":{"id":"CVE-2025-9821","sourceIdentifier":"security@mautic.org","published":"2025-09-03T10:15:38.133","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed\n\nDetailsWhen sending webhooks, the destination is not validated, causing SSRF.\n\n\nImpactBypass of firewalls to interact with internal services.\nSee  https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/  for more potential impact.\n\nResources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html  for more information on SSRF and its fix."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69","source":"security@mautic.org"}]}}]}