Mautic

Recent Changes

• Update mautic to 6.0.2

• Full Changelog

• CVE-2025-5257 - Predictable Page Indexing Might Lead to Sensitive Data Exposure - Reported and fixed by @lenonleite and tested/reviewed by @escopecz and @kuzmany in https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8

• CVE-2024-47056 - Mautic does not shield .env files from web traffic - Reported by @r3ky, analyzed by @lenonleite fixed by @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh

• CVE-2024-47057 - User name enumeration possible due to response time difference on password reset form - Reported and fixed by @tomekkowalczyk and reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p

• CVE-2024-47055 - Segment cloning doesn't have a proper permission check - Reported and fixed by @abhisekmazumdar and @nick-vanpraet and tested/reviewed by @patrykgruszka in https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782

• CVE-2025-5256 - Open Redirect vulnerability on user unlock path - Reported and fixed by @tomekkowalczyk, tested/reviewed by @patrykgruszka and @nick-vanpraet in https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373

• fix #14449: Dynamic Content in emails - not all variants visible in editor by @Krishu0765 in https://github.com/mautic/mautic/pull/14966