Mautic 6.0.2

2 June 2025

Mautic version 6.0.2 is now available (security release).

Upgrading to Mautic 6.0.2

What's New in Mautic 6.0.2

• CVE-2025-5257 - Predictable Page Indexing Might Lead to Sensitive Data Exposure - Reported and fixed by @lenonleite and tested/reviewed by @escopecz and @kuzmany in GHSA-cqx4-9vqf-q3m8
  
• CVE-2024-47056 - Mautic does not shield .env files from web traffic - Reported by @r3ky, analyzed by @lenonleite fixed by @nick-vanpraet and tested/reviewed by @patrykgruszka in GHSA-h2wg-v8wg-jhxh
  
• CVE-2024-47057 - User name enumeration possible due to response time difference on password reset form - Reported and fixed by @tomekkowalczyk and reviewed by @patrykgruszka and @nick-vanpraet in GHSA-424x-cxvh-wq9p
  
• CVE-2024-47055 - Segment cloning doesn't have a proper permission check - Reported and fixed by @abhisekmazumdar and @nick-vanpraet and tested/reviewed by @patrykgruszka in GHSA-vph5-ghq3-q782
  
• CVE-2025-5256 - Open Redirect vulnerability on user unlock path - Reported and fixed by @tomekkowalczyk, tested/reviewed by @patrykgruszka and @nick-vanpraet in GHSA-6vx9-9r2g-8373
  

• fix #14449: Dynamic Content in emails - not all variants visible in editor by @Krishu0765 in #14966
  

• Fix #14804: Hamburger menu issue on mobile by @pelbox in #14886
  
• Fix #14457: Contact names with ampersands not showing in search by @goma101 in #14818
  
• Fix #14240: Blank link shown in theme actions dropdown by @pedroasgomes in #14833
  
• Fix: More trust settings: shows labels without inputs by @Krishu0765 in #14934
  
• Fix SMS duplicate send by @kuzmany in #14874
  
• Fixing migrations' preup checks by @escopecz in #14824
  
• Add migration preup checks by @matbcvo in #14852
  
• Allow more time window to make test valid. by @biozshock in #14918