What is the CVSS score of CVE-2026-25780?

CVE-2026-25780 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Mattermost are affected by CVE-2026-25780?

CVE-2026-25780 presents moderate security risk rated CVSS 4.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Mattermost CVE-2026-25780

Q: How to fix or mitigate CVE-2026-25780?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

EUVD-2026-12430 MEDIUM

Memory Allocation with Excessive Size Value (CWE-789)

2026-03-16 Mattermost

GHSA-xv2p-wchj-qjhp

Denial Of Service Mattermost Suse

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 14:00 euvd

EUVD-2026-12430

Analysis Generated

Mar 16, 2026 - 14:00 vuln.today

CVE Published

Mar 16, 2026 - 12:59 nvd

MEDIUM 4.3

DescriptionNVD

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID: MMSA-2026-00581

AnalysisAI

Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-25780 vulnerability details – vuln.today

Back

Mattermost CVE-2026-25780

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code