Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and SMTP credentials via uploading a malicious plugin after changing the import directory. Mattermost Advisory ID: MMSA-2025-00528
AnalysisAI
This vulnerability in Mattermost allows unauthenticated attackers to achieve remote code execution and exfiltrate sensitive credentials through malicious plugin installation on CI test instances that retain default admin credentials. Affected versions include Mattermost 10.11.x through 10.11.10, 11.2.x through 11.2.2, and 11.3.0, with the core issue stemming from insufficient access controls on plugin installation combined with default credential exposure. An attacker can upload a malicious plugin after modifying the import directory to gain full system compromise and access AWS and SMTP credentials stored in configuration files.
Technical ContextAI
The vulnerability exploits a failure in authorization controls (CWE-863: Incorrect Authorization) within Mattermost's plugin installation mechanism. Mattermost is a self-hosted team collaboration platform (identified via CPE cpe:2.3:a:mattermost:mattermost) that allows administrators to extend functionality through plugins. The root cause involves two compounding factors: first, CI test instances are deployed with default administrative credentials that remain unchanged in production-like configurations, and second, the plugin installation endpoint does not properly enforce authentication or authorization checks before allowing plugin uploads. An attacker with network access can change the plugin import directory path and upload arbitrary plugin files containing malicious code, which are then executed with the privileges of the Mattermost application server. This allows both arbitrary code execution on the host system and access to sensitive configuration data including database credentials, AWS API keys, and SMTP authentication tokens typically stored in plaintext configuration files accessible to the application process.
RemediationAI
Immediately upgrade affected Mattermost instances to patched versions beyond 10.11.10, 11.2.2, and 11.3.0 as specified in the vendor advisory at https://mattermost.com/security-updates. As a critical interim measure before patching, change all default administrative credentials immediately and enforce strong, unique passwords for all administrative accounts. Additionally, restrict network access to Mattermost instances to trusted IP ranges or VPN-only connectivity, disable plugin installation if not required for operations, and remove or restrict the ability to modify plugin import directories through configuration hardening. Review plugin installation logs and audit any plugins installed during the exposure window for signs of compromise. For CI/test instances specifically, implement separate credential management and avoid deploying test instances with production-like configurations or credentials. Monitor sensitive configuration files for unauthorized access and rotate all credentials stored in Mattermost configuration (AWS keys, SMTP passwords, database credentials) as a precautionary measure.
More in Mattermost
View allDenial of service in linkify-it (npm) through v5.0.0 lets remote unauthenticated attackers wedge a rendering worker by s
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large auto
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded w
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perf
Fleet is an open source osquery manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invit
Dex is a federated OpenID Connect provider written in Go. Rated critical severity (CVSS 9.6), this vulnerability is remo
Improper output escaping in NousResearch Hermes Agent versions up to 2026.4.16 allows remote unauthenticated attackers t
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, wh
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker posse
Privilege escalation in Mattermost server (11.6.x, 11.5.x, and 10.11.x branches) allows a low-privileged user holding gr
Authorization bypass in Mattermost Plugin Legal Hold versions <=1.1.4 allows authenticated attackers to manipulate legal
Same weakness CWE-863 – Incorrect Authorization
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12413