CVE-2025-13827

Published: Dec 2, 2025

Modified: Dec 2, 2025

PUBLISHED

Description

Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.

Vendor	Product	Versions
Mautic	Mautic	affected `<4.4.18, <5.2.9, <6.0.7`

Weaknesses (CWE)

CWE-434

References

https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-13827

Description

Affected Products

Weaknesses (CWE)

References