Vulnerability Description
Summary: A non-privileged user can install and remove arbitrary packages via Composer on a Composer-based installation, even if the flag in the update settings that enables Composer-based updates is unticked.
Impact: A low-privileged user of the platform can install malicious code to obtain higher privileges.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-13828?
CVE-2025-13828 is a documented vulnerability. Summary: A non-privileged user can install and remove arbitrary packages via Composer on a Composer-based installation, even if the flag in the update settings that enables Composer-based updates is unticked. I...
How severe is CVE-2025-13828?
CVSS scoring is not yet available for CVE-2025-13828. Check NVD for updates.
Is there a patch for CVE-2025-13828?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.