CVE-2025-13827 - Vulnerability Details - OpenCVE

Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mautic	Mautic

No data.

No data.

References

Link	Providers
https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp

History

Thu, 04 Dec 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mautic Mautic mautic
Vendors & Products		Mautic Mautic mautic

Tue, 02 Dec 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 02 Dec 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.
Title		GrapesJsBuilder File Upload allows all file uploads
Weaknesses		CWE-434
References		https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp
Metrics		cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: Mautic

Published: 2025-12-02T16:54:39.986Z

Updated: 2025-12-02T17:10:25.179Z

Reserved: 2025-12-01T15:20:24.945Z

Link: CVE-2025-13827

Vulnrichment

Updated: 2025-12-02T17:10:19.200Z

NVD

Status : Awaiting Analysis

Published: 2025-12-02T17:16:03.847

Modified: 2025-12-02T17:16:29.163

Link: CVE-2025-13827

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13827", "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "state": "PUBLISHED", "assignerShortName": "Mautic", "dateReserved": "2025-12-01T15:20:24.945Z", "datePublished": "2025-12-02T16:54:39.986Z", "dateUpdated": "2025-12-02T17:10:25.179Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://packagist.org", "defaultStatus": "unaffected", "packageName": "core", "product": "Mautic", "repo": "https://github.com/mautic/mautic", "vendor": "Mautic", "versions": [{"status": "affected", "version": "<4.4.18, <5.2.9, <6.0.7", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Jason Woods (driskell)"}, {"lang": "en", "type": "remediation reviewer", "value": "Patryk Gruszka (patrykgruszka)"}, {"lang": "en", "type": "remediation reviewer", "value": "Jan Linhart (escopecz)"}, {"lang": "en", "type": "remediation developer", "value": "Jason Woods (driskell)"}], "datePublic": "2025-12-01T15:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<h2>Summary</h2><br>Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. <br><h2>Impact</h2>If the media folder is not restricted from running files this can lead to a remote code execution."}], "value": "Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. \nImpactIf the media folder is not restricted from running files this can lead to a remote code execution."}], "impacts": [{"capecId": "CAPEC-244", "descriptions": [{"lang": "en", "value": "CAPEC-244 XSS Targeting URI Placeholders"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "shortName": "Mautic", "dateUpdated": "2025-12-02T16:54:39.986Z"}, "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"}], "source": {"advisory": "GHSA-5xw2-57jx-pgjp", "discovery": "EXTERNAL"}, "title": "GrapesJsBuilder File Upload allows all file uploads", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-02T17:10:05.493140Z", "id": "CVE-2025-13827", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T17:10:25.179Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13827", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-02T17:10:05.493140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T17:10:19.200Z"}}], "cna": {"title": "GrapesJsBuilder File Upload allows all file uploads", "source": {"advisory": "GHSA-5xw2-57jx-pgjp", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Jason Woods (driskell)"}, {"lang": "en", "type": "remediation reviewer", "value": "Patryk Gruszka (patrykgruszka)"}, {"lang": "en", "type": "remediation reviewer", "value": "Jan Linhart (escopecz)"}, {"lang": "en", "type": "remediation developer", "value": "Jason Woods (driskell)"}], "impacts": [{"capecId": "CAPEC-244", "descriptions": [{"lang": "en", "value": "CAPEC-244 XSS Targeting URI Placeholders"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/mautic/mautic", "vendor": "Mautic", "product": "Mautic", "versions": [{"status": "affected", "version": "<4.4.18, <5.2.9, <6.0.7", "versionType": "semver"}], "packageName": "core", "collectionURL": "https://packagist.org", "defaultStatus": "unaffected"}], "datePublic": "2025-12-01T15:10:00.000Z", "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. \nImpactIf the media folder is not restricted from running files this can lead to a remote code execution.", "supportingMedia": [{"type": "text/html", "value": "<h2>Summary</h2><br>Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. <br><h2>Impact</h2>If the media folder is not restricted from running files this can lead to a remote code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "shortName": "Mautic", "dateUpdated": "2025-12-02T16:54:39.986Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13827", "state": "PUBLISHED", "dateUpdated": "2025-12-02T17:10:25.179Z", "dateReserved": "2025-12-01T15:20:24.945Z", "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "datePublished": "2025-12-02T16:54:39.986Z", "assignerShortName": "Mautic"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. \nImpactIf the media folder is not restricted from running files this can lead to a remote code execution."}], "id": "CVE-2025-13827", "lastModified": "2025-12-02T17:16:29.163", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@mautic.org", "type": "Secondary"}]}, "published": "2025-12-02T17:16:03.847", "references": [{"source": "security@mautic.org", "url": "https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"}], "sourceIdentifier": "security@mautic.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@mautic.org", "type": "Secondary"}]}