Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2025-9821

SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed

DetailsWhen sending webhooks, the destination is not validated, causing SSRF.

ImpactBypass of firewalls to interact with internal services. See https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/ for more potential impact.

Resources https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html for more information on SSRF and its fix.

Published: Sep 3, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-9821
GHSA: GHSA-hj6f-7hp7-xg69
Severity: Low
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
mautic / core	4.4.0	4.4.17
mautic / core	5.0.0-alpha	5.2.8
mautic / core	6.0.0-alpha	6.0.5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo