CVE-2025-20051

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Feb 24, 2025

CWE ID 22

Summary

CVE-2025-20051 is a vulnerability affecting Mattermost versions 10.4.x up to 10.4.1, 9.11.x up to 9.11.7, 10.3.x up to 10.3.2, and 10.2.x up to 10.2.2. The vulnerability lies in the input validation mechanism when patching and duplicating a board. A malicious user can exploit this flaw by creating a specially crafted block and use it to read any arbitrary file on the system. This issue could lead to potential data exposure, making it essential for affected users to apply the relevant patches as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost Server

Affected Vendors

Mattermost, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3fBSU6
https://www.cve.org/CVERecord?id=CVE-2025-20051
https://nvd.nist.gov/vuln/detail/CVE-2025-20051

Back to Vulnerability Database