Skip to main content

Mattermost Server CVE-2025-4981

| EUVDEUVD-2025-28315 CRITICAL
Uncontrolled Search Path Element (CWE-427)
2025-06-20 responsibledisclosure@mattermost.com GHSA-qh58-9v3j-wcjc
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
SUSE
CRITICAL
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2025-28315
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
CVE Published
Jun 20, 2025 - 11:15 nvd
CRITICAL 9.9

DescriptionCVE.org

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.

AnalysisAI

A remote code execution vulnerability (CVSS 9.9) that allows authenticated users. Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-427 (Uncontrolled Search Path). CVSS 9.9 indicates critical severity with likely remote exploitation vector.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-25279 CRITICAL
9.9 Feb 24

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate boa

CVE-2025-20051 CRITICAL
9.9 Feb 24

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate inp

CVE-2025-12421 CRITICAL
9.9 Nov 27

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that t

CVE-2025-12419 CRITICAL
9.9 Nov 27

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validat

CVE-2025-24490 CRITICAL
9.6 Feb 24

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statemen

CVE-2025-9072 HIGH
7.6 Sep 15

Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, a

CVE-2025-25068 HIGH
7.5 Mar 21

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin

CVE-2025-14435 MEDIUM
6.8 Jan 16

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API er

CVE-2025-35965 MEDIUM
6.5 Apr 24

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity o

CVE-2025-41395 MEDIUM
6.5 Apr 24

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by th

CVE-2026-4339 MEDIUM
6.5 Jun 26

Server-side request forgery in the Mattermost Agents plugin MCP server (stdio mode) allows a low-privileged local attack

CVE-2025-31947 MEDIUM
5.8 May 15

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users f

Vendor StatusVendor

Debian

Bug #823556
mattermost-server
Release Status Fixed Version Urgency
open - -

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Server 16.0 Fixed
openSUSE Tumbleweed Fixed

Share

CVE-2025-4981 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy