CVE-2025-13827

Vulnerability Description

Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.

Related Weaknesses (CWE)

CWE-434

References

https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp

FAQ

What is CVE-2025-13827?

CVE-2025-13827 is a documented vulnerability. Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this ca...

How severe is CVE-2025-13827?

CVSS scoring is not yet available for CVE-2025-13827. Check NVD for updates.

Is there a patch for CVE-2025-13827?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.