CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-25279

CVSS 9.9v3.1pub. 2025-02-24upd. 2025-10-02

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.

🤖 AI Analysis
How it works

Mattermost Server incorrectly validates board blocks during the import process. An attacker can prepare a specially crafted import archive containing paths that reference locations outside the allowed directory (path traversal). After importing and then exporting such an archive in the Boards module, it is possible to read any file accessible to the server process on the host.

Impact

An attacker with regular user privileges can read any file on the server, including configuration files containing credentials, private keys, or other sensitive information, which may lead to further system compromise.

Mitigation & patch

Mattermost Server should be updated to versions higher than 10.4.1, 10.3.2, 10.2.2, or 9.11.7 according to information published by the vendor at https://mattermost.com/security-updates

Who is affected

Mattermost Server in versions: 10.4.x <= 10.4.1, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2, 9.11.x <= 9.11.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Mattermost Server

    APP
    Mattermost
    9.11.0 – 9.11.8 (bez)10.2.0 – 10.2.3 (bez)10.3.0 – 10.3.3 (bez)10.4.0 – 10.4.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2025-12419CRITICAL9.9PL ✓ten sam produkt

Mattermost Server: przejęcie konta przez błędną walidację OAuth state token

CVE-2025-12421CRITICAL9.9PL ✓ten sam produkt

Mattermost Server — przejęcie konta przez błąd weryfikacji tokenu OAuth (account takeover)

CVE-2025-4981CRITICAL9.9PL ✓ten sam produkt

Mattermost Server: path traversal w ekstraktorze archiwów umożliwia RCE

CVE-2025-24490CRITICAL9.6PL ✓ten sam produkt

SQL Injection w Mattermost Server — podatność przy zmianie kolejności tablic

CVE-2025-20051CRITICAL9.9PL ✓ten sam produkt

Mattermost Server: path traversal przy duplikowaniu bloków w Boards