← Volver a CVEs
CVE-2025-9821
LOW2.7
Descripcion
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.
Detalles CVE
Puntuacion CVSS v3.12.7
SeveridadLOW
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado9/3/2025
Ultima modificacion9/4/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-918
Referencias
https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69(security@mautic.org)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.