CVE-2026-9558
Mautic · Mautic
A Server-Side Template Injection (SSTI) vulnerability in the Mautic theme engine allows authenticated users with theme upload permissions to execute arbitrary code on the server.
Executive summary
An SSTI vulnerability in Mautic permits authenticated attackers to execute arbitrary code or access sensitive system files.
Vulnerability
The Mautic theme engine renders theme Twig templates in an unsandboxed Twig environment: no security policy restricts the tags, filters, functions, object methods or properties a template may use. A user who can create or upload a theme therefore controls what that template does on the server, which allows Remote Code Execution (RCE) or reading of files the application process can access.
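The contrast between the weak and the hardened setting, as an added PHP example that is not Mautic's own code: the first function renders a template in a plain Twig environment, the second enforces an allowlist through Twig's SandboxExtension, and the audit helper applies that policy to every template under a theme directory. It assumes twig/twig is installed via Composer, PHP 8, and that the tag, filter and function allowlist below is illustrative and would be tuned to what a theme legitimately needs.

```php
<?php
// Added example, not Mautic code. Requires: composer require twig/twig (Twig 3, PHP 8).
// The allowlist below and the directory layout are assumptions for illustration.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Weak setting: every tag, filter, function, method and property Twig knows is
// reachable from template text, so whoever writes the theme controls what runs.
function renderUnsandboxed(string $source, array $vars): string
{
    $twig = new Environment(new ArrayLoader(), ['autoescape' => 'html']);
    return $twig->createTemplate($source)->render($vars);
}

// Hardened setting: a SecurityPolicy allowlist enforced for every template
// (second SandboxExtension argument = always sandboxed, not opt-in per call).
function sandboxedEnvironment(): Environment
{
    $policy = new SecurityPolicy(
        ['if', 'for', 'set', 'block', 'extends'],                           // tags
        ['escape', 'upper', 'lower', 'trim', 'date', 'default', 'length'],  // filters
        [],                                                                  // methods callable on objects
        [],                                                                  // properties readable on objects
        ['range', 'date']                                                    // functions
    );
    $twig = new Environment(new ArrayLoader(), ['autoescape' => 'html']);
    $twig->addExtension(new SandboxExtension($policy, true));
    return $twig;
}

function renderSandboxed(string $source, array $vars): string
{
    return sandboxedEnvironment()->createTemplate($source)->render($vars);
}

// Returns the policy violation for a template source, or null if the policy
// accepts it. Twig raises SecurityError for any construct outside the allowlist.
function policyViolation(string $source): ?string
{
    try {
        sandboxedEnvironment()->createTemplate($source)->render([]);
        return null;
    } catch (SecurityError $e) {
        return $e->getMessage();
    }
}

// Walks a theme directory and lists every .twig file the policy rejects, so a
// theme can be checked before it is installed or after an unexpected change.
function auditThemeDir(string $dir): array
{
    $findings = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile() && str_ends_with($file->getFilename(), '.twig')) {
            $msg = policyViolation(file_get_contents($file->getPathname()));
            if ($msg !== null) {
                $findings[$file->getPathname()] = $msg;
            }
        }
    }
    return $findings;
}

// Constructed sample templates (not taken from any real theme).
$benign = 'Hello {{ name|upper }}!';
// Uses a filter outside the allowlist. It is harmless here; the point is that
// the sandbox refuses anything the policy does not name, whatever it does.
$outsidePolicy = '{{ [1, 2, 3]|join(",") }}';

echo renderUnsandboxed($benign, ['name' => 'mautic']), "\n";  // Hello MAUTIC!
echo renderSandboxed($benign, ['name' => 'mautic']), "\n";    // Hello MAUTIC!
echo renderUnsandboxed($outsidePolicy, []), "\n";              // accepted: 1,2,3
echo policyViolation($outsidePolicy) ?? 'accepted', "\n";      // SecurityError: filter "join" is not allowed

if ($argc > 1) {                                               // php audit.php /path/to/themes
    foreach (auditThemeDir($argv[1]) as $path => $msg) {
        echo "$path: $msg\n";
    }
}
```

The sandbox is only as good as its allowlist: keep the method and property lists empty unless a theme genuinely needs to call into application objects, because those are the entries that turn a template into a bridge to PHP code. The audit helper renders with an empty context, so templates that depend on variables still pass the policy check but may log undefined-variable notices; that is acceptable for a static audit, not for production rendering.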
Business impact
The vulnerability carries a CVSS score of 9.9, reflecting the extreme risk of RCE. While it requires authenticated access, the ability to compromise the host server via theme manipulation poses a severe threat to the integrity and confidentiality of the Mautic platform and associated marketing data.
Remediation
Immediate Action: Update to Mautic version 4.4.20, 5.2.11, 6.0.9, or 7.1.2 as appropriate for your branch.
Proactive Monitoring: Audit which users hold theme upload or creation permissions, and watch server logs for theme uploads or edits you did not schedule, Twig compilation or rendering errors originating from theme templates, and reads of system files by the web server process.
Compensating Controls: Restrict theme upload permissions to only highly trusted administrative users and implement file integrity monitoring on the theme directory.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Users should apply the specified patches immediately. Due to the high risk of RCE, administrators should also review the current list of users with theme management permissions to minimize the attack surface.