PT-2025-23122 · Mautic · Mautic

Nick Vanpraet


·

Published

2025-05-28

·

Updated

2025-05-30

·

CVE-2025-5256

CVSS v3.1

5.4

Medium

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Mautic, all versions prior to the release that validates the returnUrl parameter (the exact fixed versions are listed in the linked GitHub advisory GHSA-6VX9-9R2G-8373).
Description Mautic's user unlocking endpoint, "/s/action/unlock/user.user/0", accepts a returnUrl query parameter and redirects the browser to it after unlocking without checking that the target stays on the Mautic host. An attacker can therefore build a link to the legitimate Mautic instance whose returnUrl points at an arbitrary external site; a user who follows the link is bounced from a URL they trust to a site the attacker controls. The practical impact is phishing (the landing page can imitate the Mautic login) or delivery of browser exploits, which is why the CVSS vector requires user interaction (UI:R) and scores low confidentiality and integrity impact. Since the request is unauthenticated (PR:N), the link works even for targets who are not logged in.
Recommendations Update Mautic to a version that validates or sanitizes the returnUrl parameter so that redirects go only to same-site paths or to explicitly allowlisted hosts. Until the update is applied, restrict the returnUrl parameter at the reverse proxy or web application firewall rather than blocking the "/s/action/unlock/user.user/0" path outright: drop or rewrite any returnUrl value that is not a local path (one that begins with a single "/"), and verify that the rule does not break Mautic's own use of the unlock action. Do not pass user-supplied values through the returnUrl parameter of the affected endpoint until the issue is resolved. When testing for the issue, note that a redirect check must also reject protocol-relative ("//evil.example"), backslash ("/\evil.example") and non-http scheme values, not just full "https://" URLs.
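The following Python is an added example written for this page; it is not Mautic's code and not the fix the project shipped. It shows the validation a returnUrl-style parameter needs to defeat the bypasses listed above, a helper that builds the probe URL for the affected endpoint, and a check that decides whether a Location header returned by that endpoint would take the browser off-site. The host names mautic.example and evil.example, the allowed-host list, the "/s/dashboard" fallback and all function names are assumptions made for illustration.

```python
"""Validate a returnUrl-style redirect target and probe an unlock endpoint.

Added example, not Mautic's own code. The host names, the allowed-host
list, the fallback path and the helper names are assumptions.
"""
from urllib.parse import quote, urljoin, urlsplit

UNLOCK_PATH = "/s/action/unlock/user.user/0"   # endpoint named in the advisory
DEFAULT_TARGET = "/s/dashboard"                  # assumed safe fallback path


def is_safe_return_url(url, allowed_hosts=()):
    """Return True only if `url` keeps the browser on this site.

    Accepts a rooted path (single leading "/") or an http(s) URL whose host
    is in `allowed_hosts`. Rejects the usual open-redirect bypasses:
    protocol-relative "//evil" (and "///evil", which urlsplit would report
    as a plain path), backslash variants such as "/\\evil" that browsers
    treat like "//evil", non-http schemes (javascript:, data:), userinfo
    tricks (https://good@evil) and control characters or stray whitespace.
    """
    if not isinstance(url, str) or not url:
        return False
    if url.strip() != url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    if "\\" in url or url.startswith("//"):
        return False
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s), and only to an explicitly allowed host.
        if parts.scheme not in ("http", "https"):
            return False
        # .hostname drops userinfo and port and lower-cases the host.
        return parts.hostname in allowed_hosts
    # Relative target: require a rooted path so it resolves on this origin.
    return url.startswith("/")


def safe_redirect_target(url, allowed_hosts=(), default=DEFAULT_TARGET):
    """Return `url` if it is safe to redirect to, otherwise the fallback."""
    return url if is_safe_return_url(url, allowed_hosts) else default


def build_unlock_probe(base_url, return_url):
    """Build the request URL a tester would send to the affected endpoint.

    The returnUrl value is percent-encoded in full so the target server
    sees exactly the string under test.
    """
    return f"{base_url.rstrip('/')}{UNLOCK_PATH}?returnUrl={quote(return_url, safe='')}"


def redirect_leaves_site(base_url, location, allowed_hosts):
    """Decide whether a Location header would send the browser off-site.

    Backslash and protocol-relative values are counted as leaving, because
    browsers resolve them to another host even though urljoin does not.
    """
    loc = location.strip()
    if "\\" in loc or loc.startswith("//"):
        return True
    target = urljoin(base_url, loc)
    return urlsplit(target).hostname not in allowed_hosts


if __name__ == "__main__":
    allowed = ("mautic.example",)
    # Constructed candidate returnUrl values, not captured traffic.
    candidates = [
        "/s/dashboard",
        "https://mautic.example/s/contacts",
        "https://evil.example/login",
        "//evil.example",
        "///evil.example",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://mautic.example@evil.example/",
    ]
    for c in candidates:
        verdict = "safe" if is_safe_return_url(c, allowed) else "REJECT"
        print(f"{verdict:7} {c!r} -> {safe_redirect_target(c, allowed)!r}")
    print(build_unlock_probe("https://mautic.example", "https://evil.example/"))
```

Run against a staging instance, a tester sends the URL from build_unlock_probe and feeds the Location header of the response to redirect_leaves_site; a True result with the attacker-controlled host reproduces the issue, while a patched instance should answer with a same-site Location or no redirect at all.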

Weakness Enumeration

Open Redirect (CWE-601)

Related Identifiers

CVE-2025-5256
GHSA-6VX9-9R2G-8373

Affected Products

Mautic