CVE-2025-24490

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Feb 24, 2025

CWE ID 89

Summary

CVE-2025-24490 is a vulnerability affecting Mattermost versions 10.4.x up to 10.4.1, 9.11.x up to 9.11.7, 10.3.x up to 10.3.2, and 10.2.x up to 10.2.2. During the process of reordering boards categories, these versions fail to utilize prepared statements in the underlying SQL queries, exposing a SQL injection risk. An attacker can take advantage of this flaw to retrieve sensitive data from the database.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mattermost Server

Affected Vendors

Mattermost, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3fBSU0
https://www.cve.org/CVERecord?id=CVE-2025-24490
https://nvd.nist.gov/vuln/detail/CVE-2025-24490

Back to Vulnerability Database