Input Validation Flaw in Mattermost Boards Affects Multiple Versions
CVE-2025-20051
9.9 CRITICAL
Summary
Mattermost has identified a vulnerability in its Boards feature that affects several versions. The flaw arises from improper input validation when a board is patched or duplicated. It potentially allows an authenticated user to manipulate blocks in a way that leads to unauthorized reading of arbitrary files on the system. Administrators should review their Mattermost deployments and ensure that versions are updated to mitigate this risk.
Affected Version(s)
Mattermost 10.4.0 <= 10.4.1
Mattermost 9.11.0 <= 9.11.7
Mattermost 10.3.0 <= 10.3.2
CVSS V3.1
Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
visat