PT-2025-34258 · Mattermost · Mattermost
Daw10
·
Published
2025-08-21
·
Updated
2025-08-29
·
CVE-2025-6465
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Mattermost versions 10.8.x through 10.8.3
Mattermost versions 10.5.x through 10.5.8
Mattermost versions 10.10.x through 10.10.0
Mattermost versions 10.9.x through 10.9.3
Description:
The application fails to sanitize file names, potentially allowing users with file upload permissions to overwrite file attachment thumbnails through path traversal in file streaming APIs.
Recommendations:
Mattermost versions 10.8.x through 10.8.3: Implement robust file name sanitization to prevent path traversal vulnerabilities.
Mattermost versions 10.5.x through 10.5.8: Implement robust file name sanitization to prevent path traversal vulnerabilities.
Mattermost versions 10.10.x through 10.10.0: Implement robust file name sanitization to prevent path traversal vulnerabilities.
Mattermost versions 10.9.x through 10.9.3: Implement robust file name sanitization to prevent path traversal vulnerabilities.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost