CVE-2022-25775

6.6 MEDIUM

📋 TL;DR

CVE-2022-25775 is an SQL injection vulnerability in Mautic's Reports bundle that allows authenticated users to execute arbitrary SQL queries. This affects all Mautic instances with vulnerable versions where users have report access. Attackers could potentially access, modify, or delete database contents including sensitive user data.

💻 Affected Systems

Products:
  • Mautic
Versions: All versions prior to 4.4.13
Operating Systems: All operating systems running Mautic
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the Reports bundle functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing data theft, privilege escalation, and potential file system manipulation if database permissions allow file operations.

🟠 Likely Case

Unauthorized access to sensitive data including user credentials, personal information, and system configuration data.

🟢 If Mitigated

Limited data exposure if proper input validation and parameterized queries are implemented, with minimal impact on system availability.

🌐 Internet-Facing: HIGH - Mautic instances exposed to the internet are directly accessible to attackers who can obtain valid credentials.
🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit this, but requires authenticated access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but SQL injection techniques are well-documented and easily automated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.13 and later

Vendor Advisory: https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94

Restart Required: No

Instructions:

1. Back up your Mautic instance and database.
2. Update Mautic to version 4.4.13 or later via composer update or a manual upgrade.
3. Verify the update completed successfully.
4. Test report functionality to ensure no regression.

🔧 Temporary Workarounds

Disable Reports Bundle (applies to: all)

Temporarily disable the vulnerable Reports bundle to prevent exploitation:

php bin/console mautic:plugins:reload --disable=ReportsBundle

Restrict User Permissions (applies to: all)

Limit report access to only essential administrative users.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block SQL injection patterns
  • Apply strict input validation and parameterized queries at application layer

🔍 How to Verify

Check if Vulnerable:

Check Mautic version via admin panel or run: php bin/console mautic:version

Check Version:

php bin/console mautic:version

Verify Fix Applied:

Confirm version is 4.4.13 or higher and test report generation functionality
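An added check script (not from this page or the Mautic project) that parses the output of php bin/console mautic:version and compares it numerically against the fixed version 4.4.13; it assumes the command output contains a dotted X.Y.Z version string. The numeric comparison matters because a plain string comparison would wrongly treat 4.4.9 as newer than 4.4.13.

```python
import re
import subprocess

# First version that contains the fix for CVE-2022-25775 (from the advisory).
FIXED_VERSION = (4, 4, 13)


def parse_version(output: str) -> tuple:
    """Extract the first X.Y.Z version number from `mautic:version` output.

    Assumption: the command output contains a dotted version string such as
    "4.4.12"; anything else raises ValueError instead of guessing.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", output)
    if not match:
        raise ValueError(f"no version string found in: {output!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(output: str) -> bool:
    """True when the reported version is older than 4.4.13.

    Compares integer tuples, so 4.4.9 < 4.4.13 is evaluated correctly;
    comparing the raw strings would put "4.4.9" after "4.4.13".
    """
    return parse_version(output) < FIXED_VERSION


def check_installation(mautic_root: str) -> bool:
    """Run the console command inside the given Mautic root and classify it."""
    result = subprocess.run(
        ["php", "bin/console", "mautic:version"],
        cwd=mautic_root, capture_output=True, text=True, check=True,
    )
    return is_vulnerable(result.stdout)


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("VULNERABLE (update to 4.4.13+)" if check_installation(root) else "patched")
```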

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by report access
  • Unexpected report generation patterns

Network Indicators:

  • Unusual database connection patterns from web server
  • Large data transfers from database

SIEM Query:

source="mautic_logs" AND ("SQL error" OR "database error" OR ("report" AND "unusual"))
