CVE-2025-13828 – Mautic user without privileged access to the Marketplace can install and uninstall composer packages

CVE ID : CVE-2025-13828

Published : Dec. 2, 2025, 5:16 p.m. | 1 hour, 10 minutes ago

Description : SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked.

ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…