A Server-Side Template Injection vulnerability in Mautic's theme engine allows authenticated users with theme creation permissions to execute arbitrary code on the hosting server. The platform renders uploaded Twig templates without proper sandboxing or function restrictions. This can lead to Remote Code Execution (RCE) or unauthorized access to restricted system files and configuration settings. The vulnerability affects the theme upload functionality where malicious Twig templates can be processed without adequate security controls.