PT-2025-7707 · Mattermost · Mattermost

Visat

Published

2025-02-24

Updated

2025-03-13

CVE-2025-20051

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mattermost versions 9.11.x through 9.11.7 Mattermost versions 10.2.x through 10.2.2 Mattermost versions 10.3.x through 10.3.2 Mattermost versions 10.4.x through 10.4.1

Description The issue is related to the failure of Mattermost to properly validate input when patching and duplicating a board. This allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards. It is estimated that over 95,100 services are potentially affected.

Recommendations For versions 9.11.x through 9.11.7, update to version 9.11.8. For versions 10.2.x through 10.2.2, update to version 10.2.3. For versions 10.3.x through 10.3.2, update to version 10.3.3. For versions 10.4.x through 10.4.1, update to version 10.4.2 or 10.5.0.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2025-09035

CVE-2025-20051

GHSA-V469-7WP6-7CVP

GO-2025-3483

OPENSUSE-SU-2025:14889-1

Affected Products

Mattermost

PT-2025-7707 · Mattermost · Mattermost

CVE-2025-20051

Weakness Enumeration

Related Identifiers

Affected Products

References · 63