CVE-2025-13827 - Vulnerability Details - OpenCVE

Summary
Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.
ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp

History

Tue, 02 Dec 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 02 Dec 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.
Title		GrapesJsBuilder File Upload allows all file uploads
Weaknesses		CWE-434
References		https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp
Metrics		cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: Mautic

Published: 2025-12-02T16:54:39.986Z

Updated: 2025-12-02T17:10:25.179Z

Reserved: 2025-12-01T15:20:24.945Z

Link: CVE-2025-13827

Vulnrichment

Updated: 2025-12-02T17:10:19.200Z

NVD

Status : Awaiting Analysis

Published: 2025-12-02T17:16:03.847

Modified: 2025-12-02T17:16:29.163

Link: CVE-2025-13827

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13827", "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "state": "PUBLISHED", "assignerShortName": "Mautic", "dateReserved": "2025-12-01T15:20:24.945Z", "datePublished": "2025-12-02T16:54:39.986Z", "dateUpdated": "2025-12-02T17:10:25.179Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://packagist.org", "defaultStatus": "unaffected", "packageName": "core", "product": "Mautic", "repo": "https://github.com/mautic/mautic", "vendor": "Mautic", "versions": [{"status": "affected", "version": "<4.4.18, <5.2.9, <6.0.7", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Jason Woods (driskell)"}, {"lang": "en", "type": "remediation reviewer", "value": "Patryk Gruszka (patrykgruszka)"}, {"lang": "en", "type": "remediation reviewer", "value": "Jan Linhart (escopecz)"}, {"lang": "en", "type": "remediation developer", "value": "Jason Woods (driskell)"}], "datePublic": "2025-12-01T15:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<h2>Summary</h2><br>Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. <br><h2>Impact</h2>If the media folder is not restricted from running files this can lead to a remote code execution."}], "value": "Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. \nImpactIf the media folder is not restricted from running files this can lead to a remote code execution."}], "impacts": [{"capecId": "CAPEC-244", "descriptions": [{"lang": "en", "value": "CAPEC-244 XSS Targeting URI Placeholders"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "shortName": "Mautic", "dateUpdated": "2025-12-02T16:54:39.986Z"}, "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"}], "source": {"advisory": "GHSA-5xw2-57jx-pgjp", "discovery": "EXTERNAL"}, "title": "GrapesJsBuilder File Upload allows all file uploads", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-02T17:10:05.493140Z", "id": "CVE-2025-13827", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T17:10:25.179Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13827", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-02T17:10:05.493140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-02T17:10:19.200Z"}}], "cna": {"title": "GrapesJsBuilder File Upload allows all file uploads", "source": {"advisory": "GHSA-5xw2-57jx-pgjp", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Jason Woods (driskell)"}, {"lang": "en", "type": "remediation reviewer", "value": "Patryk Gruszka (patrykgruszka)"}, {"lang": "en", "type": "remediation reviewer", "value": "Jan Linhart (escopecz)"}, {"lang": "en", "type": "remediation developer", "value": "Jason Woods (driskell)"}], "impacts": [{"capecId": "CAPEC-244", "descriptions": [{"lang": "en", "value": "CAPEC-244 XSS Targeting URI Placeholders"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/mautic/mautic", "vendor": "Mautic", "product": "Mautic", "versions": [{"status": "affected", "version": "<4.4.18, <5.2.9, <6.0.7", "versionType": "semver"}], "packageName": "core", "collectionURL": "https://packagist.org", "defaultStatus": "unaffected"}], "datePublic": "2025-12-01T15:10:00.000Z", "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. \nImpactIf the media folder is not restricted from running files this can lead to a remote code execution.", "supportingMedia": [{"type": "text/html", "value": "<h2>Summary</h2><br>Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. <br><h2>Impact</h2>If the media folder is not restricted from running files this can lead to a remote code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "shortName": "Mautic", "dateUpdated": "2025-12-02T16:54:39.986Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13827", "state": "PUBLISHED", "dateUpdated": "2025-12-02T17:10:25.179Z", "dateReserved": "2025-12-01T15:20:24.945Z", "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e", "datePublished": "2025-12-02T16:54:39.986Z", "assignerShortName": "Mautic"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Summary\nArbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. \nImpactIf the media folder is not restricted from running files this can lead to a remote code execution."}], "id": "CVE-2025-13827", "lastModified": "2025-12-02T17:16:29.163", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@mautic.org", "type": "Secondary"}]}, "published": "2025-12-02T17:16:03.847", "references": [{"source": "security@mautic.org", "url": "https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp"}], "sourceIdentifier": "security@mautic.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@mautic.org", "type": "Secondary"}]}