CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-20051

CVSS 9.9v3.1pub. 2025-02-24upd. 2025-08-18

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

🤖 AI Analysis
How it works

Mattermost Server improperly validates input data during patch operations and board duplication in the Boards module. An attacker, being a logged-in user, can create a specially crafted block containing path traversal sequences (e.g., '../'), and then duplicate it. Due to insufficient path validation, the server reads the file indicated by the attacker from outside the allowed directory. This allows access to any files available to the server process.

Impact

An authenticated attacker can read arbitrary files on the server, including configuration files, private keys, credentials, or other sensitive resources accessible to the Mattermost Server process.

Mitigation & patch

Mattermost Server should be updated to versions higher than 10.4.1, 10.3.2, 10.2.2 (10.x branch) and 9.11.7 (9.11.x branch). Detailed information about patches is available at: https://mattermost.com/security-updates

Who is affected

Mattermost Server in versions: 10.4.x <= 10.4.1, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 and 9.11.x <= 9.11.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Mattermost Server

    APP
    Mattermost
    9.11.0 – 9.11.8 (bez)10.2.0 – 10.2.3 (bez)10.3.0 – 10.3.3 (bez)10.4.0 – 10.4.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2025-12419CRITICAL9.9PL ✓ten sam produkt

Mattermost Server: przejęcie konta przez błędną walidację OAuth state token

CVE-2025-12421CRITICAL9.9PL ✓ten sam produkt

Mattermost Server — przejęcie konta przez błąd weryfikacji tokenu OAuth (account takeover)

CVE-2025-4981CRITICAL9.9PL ✓ten sam produkt

Mattermost Server: path traversal w ekstraktorze archiwów umożliwia RCE

CVE-2025-25279CRITICAL9.9PL ✓ten sam produkt

Mattermost Server — path traversal przy imporcie tablic (Boards)

CVE-2025-24490CRITICAL9.6PL ✓ten sam produkt

SQL Injection w Mattermost Server — podatność przy zmianie kolejności tablic