PT-2025-36623 — SSRF in Packagist Mautic/Core

PT-2025-36623 · Packagist · Mautic/Core

Published

2025-09-03

Updated

2025-09-03

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Summary

Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed

Details

When sending webhooks, the destination is not validated, causing SSRF.

Impact

Bypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10 2021-Server-Side Request Forgery %28SSRF%29/ for more potential impact.

Resources

https://cheatsheetseries.owasp.org/cheatsheets/Server Side Request Forgery Prevention Cheat Sheet.html for more information on SSRF and its fix

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

GHSA-HJ6F-7HP7-XG69

Affected Products

Mautic/Core