Home

Description

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/  for more potential impact. Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html  for more information on SSRF and its fix.

PUBLISHED Reserved 2025-09-02 | Published 2025-09-03 | Updated 2025-09-03 | Assigner Mautic




LOW: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

>= 4.4.0
affected

>= 5.0.0-alpha
affected

>= 6.0.0-alpha
affected

Credits

asesidaa reporter

lukehebe reporter

patrykgruszka remediation developer

kuzmany remediation reviewer

References

github.com/...mautic/security/advisories/GHSA-hj6f-7hp7-xg69

cve.org (CVE-2025-9821)

nvd.nist.gov (CVE-2025-9821)

Download JSON