PT-2025-38620 · Mattermost · Mattermost

Daw10 · Published 2025-09-19 · Updated 2025-10-27 · CVE-2025-9081

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.5.x through 10.5.8
Mattermost versions 9.11.x through 9.11.17
Description

Mattermost fails to properly validate access controls on the board file download endpoint. The endpoint only requires an authenticated session and does not check that the caller is entitled to the file it serves, so any authenticated user can download sensitive files by enumerating file UUIDs (an insecure direct object reference).
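The following Go program is an added illustration of the access-control mistake described above; it is not Mattermost's code and does not reproduce its endpoint, data model or identifiers. It uses a constructed in-memory store (hypothetical types boardFile and store, a hypothetical X-User-ID header standing in for a validated session, and a hypothetical fileId query parameter). vulnerableDownload checks only that the caller is authenticated, so any user who guesses a file UUID gets the file; fixedDownload resolves the owning board from the file record and requires board membership before serving it.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed in-memory model for this example; it is not Mattermost's data model.
type boardFile struct {
	ID      string // UUID-style ID; treat it as enumerable, not as a secret
	BoardID string // board that owns the file
	Content string
}

type store struct {
	files   map[string]boardFile
	members map[string]map[string]bool // boardID -> set of userIDs allowed to read it
}

var (
	errUnauthenticated = errors.New("unauthenticated")
	errNotFound        = errors.New("not found")
)

// vulnerableDownload reproduces the IDOR pattern: the only check is that a
// session exists, so any authenticated user who guesses a file UUID gets it.
func (s *store) vulnerableDownload(userID, fileID string) (string, error) {
	if userID == "" {
		return "", errUnauthenticated
	}
	f, ok := s.files[fileID]
	if !ok {
		return "", errNotFound
	}
	return f.Content, nil
}

// fixedDownload resolves the owning board from the stored file record (never
// from client input) and requires the caller to be a member of that board.
// Non-members get the same "not found" as a bogus ID, so the response does
// not confirm whether a guessed UUID exists.
func (s *store) fixedDownload(userID, fileID string) (string, error) {
	if userID == "" {
		return "", errUnauthenticated
	}
	f, ok := s.files[fileID]
	if !ok {
		return "", errNotFound
	}
	if !s.members[f.BoardID][userID] {
		return "", errNotFound
	}
	return f.Content, nil
}

// handler adapts either download function to HTTP. The user ID is assumed to
// come from an already-validated session (hypothetical X-User-ID header).
func handler(download func(userID, fileID string) (string, error)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		body, err := download(r.Header.Get("X-User-ID"), r.URL.Query().Get("fileId"))
		switch {
		case errors.Is(err, errUnauthenticated):
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		case errors.Is(err, errNotFound):
			http.Error(w, "not found", http.StatusNotFound)
		case err != nil:
			http.Error(w, "error", http.StatusInternalServerError)
		default:
			fmt.Fprint(w, body)
		}
	}
}

// sampleStore builds constructed data: one private board with a single member.
func sampleStore() *store {
	const fileID = "6f1c2a3e-0000-4000-8000-000000000001"
	return &store{
		files: map[string]boardFile{
			fileID: {ID: fileID, BoardID: "board-finance", Content: "q3-salaries.csv"},
		},
		members: map[string]map[string]bool{
			"board-finance": {"alice": true},
		},
	}
}

func main() {
	s := sampleStore()
	for name, fn := range map[string]func(string, string) (string, error){
		"vulnerable": s.vulnerableDownload,
		"fixed":      s.fixedDownload,
	} {
		srv := httptest.NewServer(handler(fn))
		req, err := http.NewRequest(http.MethodGet, srv.URL+"/?fileId=6f1c2a3e-0000-4000-8000-000000000001", nil)
		if err != nil {
			panic(err)
		}
		req.Header.Set("X-User-ID", "mallory") // authenticated, but not a board member
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s handler, non-member request: HTTP %d\n", name, resp.StatusCode)
		resp.Body.Close()
		srv.Close()
	}
}
```

Running it shows the non-member's request succeeding against the vulnerable handler and receiving 404 from the fixed one. The design point is that the authorization decision is derived from the object being served (its owning board) rather than from anything the client sends, and that a denied lookup is indistinguishable from a missing one.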
Recommendations

Update Mattermost 10.5.x installations to 10.5.9 or later.
Update Mattermost 9.11.x installations to 9.11.18 or later.
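As an added example (not part of the advisory or of Mattermost), the following Go program checks an installed Mattermost version string against the two affected ranges listed above. The ranges and fixed versions are those from this page; the version parsing and the affectedRange type are this example's own. Branches the advisory does not list are reported as "not listed", not as safe, since this page says nothing about them.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// affectedRange is one vulnerable branch as listed in this advisory: every
// release of the branch up to and including last is affected; fixedIn is the
// first patched release.
type affectedRange struct {
	branch  [2]int // major, minor
	last    int    // last affected patch level
	fixedIn string
}

// Ranges copied from the advisory text above.
var cve20259081 = []affectedRange{
	{branch: [2]int{10, 5}, last: 8, fixedIn: "10.5.9"},
	{branch: [2]int{9, 11}, last: 17, fixedIn: "9.11.18"},
}

// parseVersion accepts "major.minor.patch" with an optional leading "v";
// a pre-release or build suffix after the patch number (e.g. "10.5.8-rc1")
// is ignored for this check.
func parseVersion(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(v, "v")
	parts := strings.SplitN(v, ".", 3)
	if len(parts) != 3 {
		return out, fmt.Errorf("bad version %q", v)
	}
	if i := strings.IndexAny(parts[2], "-+"); i >= 0 {
		parts[2] = parts[2][:i]
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return out, fmt.Errorf("bad version %q", v)
		}
		out[i] = n
	}
	return out, nil
}

// affectedBy returns the version to update to when v falls inside one of the
// listed ranges, or "" when v is not in any listed range.
func affectedBy(v string, ranges []affectedRange) (string, error) {
	ver, err := parseVersion(v)
	if err != nil {
		return "", err
	}
	for _, r := range ranges {
		if ver[0] == r.branch[0] && ver[1] == r.branch[1] && ver[2] <= r.last {
			return r.fixedIn, nil
		}
	}
	return "", nil
}

func main() {
	// Constructed sample inputs; the last one is a branch this advisory does not list.
	for _, v := range []string{"10.5.8", "10.5.9", "9.11.17", "9.11.18", "10.6.0"} {
		fix, err := affectedBy(v, cve20259081)
		switch {
		case err != nil:
			fmt.Printf("%-8s unparseable: %v\n", v, err)
		case fix != "":
			fmt.Printf("%-8s affected, update to %s\n", v, fix)
		default:
			fmt.Printf("%-8s not in a range listed by this advisory\n", v)
		}
	}
}
```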

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2025-9081
GHSA-F72G-52V7-MG3P
GO-2025-3978
OPENSUSE-SU-2025:15576-1
SUSE-SU-2025:3799-1

Affected Products

Mattermost