
CVE-2025-7381: CWE-497 in mautic Docker Mautic

Medium
Tags: Vulnerability, CVE-2025-7381, cve, cwe-497
Published: Wed Jul 09 2025 (07/09/2025, 15:16:37 UTC)
Source: CVE Database V5
Vendor/Project: mautic
Product: Docker Mautic

Description

Impact

This is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses.

Workarounds

The mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini.

AI-Powered Analysis

Last updated: 07/09/2025, 16:24:36 UTC

Technical Analysis

CVE-2025-7381 is an information disclosure vulnerability identified in the Mautic Docker images, specifically versions prior to 6.0.3-20250707-apache and 6.0.3-20250707-fpm. The root cause of this vulnerability lies in the PHP base image used within these Docker containers, where the PHP version is exposed via the HTTP response header 'X-Powered-By'. This header reveals the exact PHP version running on the server, which can be leveraged by attackers to fingerprint the server environment. Fingerprinting allows attackers to identify specific software versions and potentially known vulnerabilities associated with those versions, thereby facilitating targeted attacks. The vulnerability is classified under CWE-497, which pertains to Exposure of System Information Through Error Messages or Information Leakage. The CVSS v3.1 base score is 5.3 (medium severity), reflecting that the vulnerability is remotely exploitable over the network without authentication or user interaction, but only results in limited confidentiality impact (information disclosure) without affecting integrity or availability. The vulnerability can be mitigated by disabling the exposure of the PHP version in HTTP headers. This is achieved by setting the 'expose_php' directive to 'Off' in the PHP configuration file located at /usr/local/etc/php/php.ini. This change prevents PHP from sending the 'X-Powered-By' header, thereby reducing the information available to potential attackers. No known exploits are currently reported in the wild, and no official patches are linked, but updating to version 6.0.3-20250707 or later is implied to resolve the issue.

Potential Impact

For European organizations, this vulnerability primarily poses a risk of information leakage that could aid attackers in reconnaissance activities. While the direct impact is limited to disclosure of the PHP version, this information can be a critical piece in the attack chain, enabling adversaries to tailor exploits against known vulnerabilities in that PHP version or related components. Organizations running Mautic Docker containers with affected versions may inadvertently reveal their server environment details to external actors, increasing their exposure to targeted attacks. This is particularly relevant for organizations handling sensitive customer data or operating in regulated sectors such as finance, healthcare, or government, where even minor information disclosures can contribute to broader security breaches. However, since this vulnerability does not allow direct compromise of data integrity or availability, the immediate operational impact is low. The risk is elevated if combined with other vulnerabilities or misconfigurations. European entities using Mautic for marketing automation or customer engagement should be aware that attackers could use this information to craft phishing campaigns or exploit chained vulnerabilities. Overall, the vulnerability increases the attack surface and could facilitate more sophisticated attacks if left unmitigated.

Mitigation Recommendations

European organizations should implement the following specific mitigation steps:

1) Immediately update Mautic Docker images to version 6.0.3-20250707 or later, where this vulnerability is addressed.
2) Manually verify and set the 'expose_php' directive to 'Off' in the PHP configuration file (/usr/local/etc/php/php.ini) within the Docker container to prevent the 'X-Powered-By' header from being sent. This can be done by adding or modifying the line 'expose_php = Off'.
3) Conduct regular security audits of Docker container configurations to ensure no sensitive headers or information are exposed unintentionally.
4) Employ web application firewalls (WAFs) or reverse proxies to filter or remove sensitive headers from HTTP responses as an additional layer of defense.
5) Monitor network traffic and logs for unusual reconnaissance activity that might indicate attackers probing for server information.
6) Integrate vulnerability scanning tools that specifically check for information disclosure headers in web responses to proactively detect similar issues.
7) Educate DevOps and security teams about secure container hardening practices, emphasizing minimizing information leakage.

These targeted actions go beyond generic advice by focusing on container-specific configuration and operational controls.
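A small header check of the kind step 6 calls for, written here as an added example (not code from Mautic or from this advisory): it parses a raw HTTP response, flags headers that carry a software version, and shows the difference between a container with expose_php = On and one with the page's workaround applied. The two sample responses and the PHP version string in them are constructed for the example; the optional live check against a URL you pass on the command line is an assumption about how you would run it in an audit.

```python
"""Detect version-disclosing HTTP headers such as X-Powered-By (CVE-2025-7381)."""
import re
import sys
import urllib.request

# Headers that commonly reveal server-side software versions. X-Powered-By is
# the one this advisory concerns: PHP emits it whenever expose_php = On.
DISCLOSURE_HEADERS = ("x-powered-by", "server", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+\.\d+(\.\d+)?")


def parse_raw_headers(raw: str) -> dict:
    """Parse a raw HTTP response (status line + headers) into a lower-cased dict."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(headers: dict) -> list:
    """Return (header, value) pairs whose value contains a version number."""
    return [(name, headers[name]) for name in DISCLOSURE_HEADERS
            if name in headers and VERSION_RE.search(headers[name])]


def check_url(url: str) -> list:
    """Fetch a URL with a HEAD request and run the check on the live headers (needs network)."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return find_disclosures({k.lower(): v for k, v in resp.headers.items()})


# Constructed samples: an unpatched container versus one with expose_php = Off.
LEAKY_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Powered-By: PHP/8.3.0\r\n"
                  "Content-Type: text/html\r\n\r\n")
HARDENED_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        findings = check_url(sys.argv[1])
    else:
        findings = find_disclosures(parse_raw_headers(LEAKY_RESPONSE))
    for name, value in findings:
        print(f"version disclosure: {name}: {value}")
```

Run it after applying the 'expose_php = Off' change and restarting the container; an empty result for the X-Powered-By header confirms the workaround took effect.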


Technical Details

Data Version: 5.1
Assigner Short Name: Mautic
Date Reserved: 2025-07-09T08:22:14.606Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 686e943d6f40f0eb7204cbca

Added to database: 7/9/2025, 4:09:33 PM

Last enriched: 7/9/2025, 4:24:36 PM

Last updated: 7/9/2025, 5:22:00 PM
