Mautic 6.0.6
1 October 2025
Mautic version 6.0.6 is now available (security release).
Upgrading to Mautic 6.0.6
Mautic 6.0.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Mautic updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Mautic install to test the 6.0.6 upgrade prior to applying it live. Get started managing your Mautic installations with Installatron
What's New in Mautic 6.0.6
6.0.6
Bug Fixes
- Custom fields: Number field seems to offer help but there are no tooltips showing. by @biozshock in #15308
- Forms: Fix form edit error with no group "adjust contact's point" action by @kou in #15452
- API: fix(Form): Correct key existence check in FieldType by @shinde-rahul in #15363
- Automated tests: Test to confirm empty values are applied to select and multiselect fields by @biozshock in #15358
6.0.5
Security
- CVE-2025-9821 - SSRF via webhook function - Reported by @asesidaa and fixed by @patrykgruszka and tested/reviewed by @kuzmany in
GHSA-hj6f-7hp7-xg69
- CVE-2025-9822 - Secret data extraction via elfinder - Reported by @B0D0B0P0T and fixed by @lenonleite and tested/reviewed by @kuzmany in
GHSA-438m-6mhw-hq5w
- CVE-2025-9824 - User Enumeration via Response Timing - Reported by @Vautia and fixed by @nick-vanpraet and tested/reviewed by @kuzmany in
GHSA-3ggv-qwcp-j6xg
- CVE-2025-9823 - Reflected XSS in lead:addLeadTags - Quick Add - Reported and fixed by @nmmorette and tested/reviewed by @kuzmany and @patrykgruszka in
GHSA-9v8p-m85m-f7mm
Bug Fixes
- DPMMA-2974 Fix Email chart stats for unsubscribed and bounced recipients by @patrykgruszka in #15315
- DPMMA-3186 Fix IMAP\Connection is already closed by @patrykgruszka in #15364
- Remove migration Version20230522141144 [6.0] by @matbcvo in #15385