GHSA-3ggv-qwcp-j6xg

Source

https://github.com/advisories/GHSA-3ggv-qwcp-j6xg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-3ggv-qwcp-j6xg/GHSA-3ggv-qwcp-j6xg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3ggv-qwcp-j6xg

Aliases

CVE-2025-9824

Published

2025-09-03T22:20:16Z

Modified

2025-09-03T22:27:22.612565Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Mautic Vulnerable to User Enumeration via Response Timing

Details

Impact

The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks.

Patches

This vulnerability has been patched, implementing a timing-safe form login authenticator that ensures consistent response times regardless of whether a user exists or not.

Technical Details

The vulnerability was caused by different response times when: - A valid username was provided (password hashing occurred) - An invalid username was provided (no password hashing occurred)

The fix introduces a TimingSafeFormLoginAuthenticator that performs a dummy password hash verification even for non-existent users, ensuring consistent timing.

Workarounds

No workarounds are available. Users should upgrade to the patched version.

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-WebApplicationSecurityTesting/03-IdentityManagementTesting/04-TestingforAccountEnumerationandGuessableUserAccount
https://github.com/mautic/mautic-security/pull/146

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-204"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2025-09-03T15:15:49Z",
    "github_reviewed_at": "2025-09-03T22:20:16Z"
}

References

Affected packages

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.17

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.4.9

4.4.10

4.4.11

4.4.12

4.4.13

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0-alpha

Fixed

5.2.8

Affected versions

5.*

5.0.0-alpha

5.0.0-alpha1

5.0.0-beta1

5.0.0-beta2

5.0.0-rc1

5.0.0-rc2

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.1.0

5.1.1

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0-alpha

Fixed

6.0.5

Affected versions

6.*

6.0.0-alpha

6.0.0-beta2

6.0.0-rc

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4