PT-2025-26301 · Mattermost · Mattermost

Dawid Kulikowski · Published 2025-05-12 · Updated 2026-05-25

CVE-2025-4981

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- Mattermost versions 10.5.x through 10.5.5
- Mattermost versions 9.11.x through 9.11.15
- Mattermost versions 10.8.x through 10.8.0
- Mattermost versions 10.7.x through 10.7.2
- Mattermost versions 10.6.x through 10.6.5
Description

Mattermost fails to sanitize filenames in the archive extractor, allowing authenticated users to write files to arbitrary locations on the filesystem by uploading archives with path traversal sequences in filenames, potentially leading to remote code execution (RCE). This issue affects instances where file uploads and document search by content are enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true); both settings are enabled by default. Approximately 97,000+ and 113,000+ potentially affected instances have been identified.
Recommendations

- Mattermost versions 10.5.x through 10.5.5: update to a newer, fixed version.
- Mattermost versions 9.11.x through 9.11.15: update to a newer, fixed version.
- Mattermost versions 10.8.x through 10.8.0: update to a newer, fixed version.
- Mattermost versions 10.7.x through 10.7.2: update to a newer, fixed version.
- Mattermost versions 10.6.x through 10.6.5: update to a newer, fixed version.
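The missing check described above, as an added example that is not Mattermost's own code: an archive extractor validates every entry name against the extraction root before writing anything, rejecting any name whose cleaned path would leave that root. The root path and the zip built by buildSample are constructed test data.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"path/filepath"
	"strings"
)

var ErrTraversal = errors.New("archive entry escapes extraction root")

// SafeJoin resolves an entry name under root and rejects any path that would escape it.
func SafeJoin(root, name string) (string, error) {
	name = strings.ReplaceAll(name, "\\", "/") // catch "..\" sequences on every platform
	if name == "" || strings.HasPrefix(name, "/") {
		return "", ErrTraversal
	}
	absRoot, _ := filepath.Abs(root) // fails only when the working directory is unreadable
	dest := filepath.Join(absRoot, filepath.FromSlash(name)) // Join also cleans ".."
	if dest != absRoot && !strings.HasPrefix(dest, absRoot+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return dest, nil
}

// CheckArchive lists zip entries that fail SafeJoin without writing anything. Go 1.20+
// may return zip.ErrInsecurePath with a usable Reader, so it is tolerated and names re-checked.
func CheckArchive(data []byte, root string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
		return nil, err
	}
	var bad []string
	for _, f := range r.File {
		if _, err := SafeJoin(root, f.Name); err != nil {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

func buildSample() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	w.Create("docs/readme.txt")   // benign entry; empty bodies suffice for a name check
	w.Create("../../outside.txt") // constructed entry that would escape the extraction root
	w.Close()
	return buf.Bytes()
}
```

An extractor that calls SafeJoin for every entry and aborts on the first error never creates a file outside its root, regardless of what the uploaded archive contains.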

Fix

RCE

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2025-16018
CVE-2025-4981
GHSA-QH58-9V3J-WCJC
GO-2025-3769
OPENSUSE-SU-2025:15405-1

Affected Products

Mattermost