Post Prop Validation Flaw in Mattermost by Mattermost, Inc.
CVE-2025-20086

6.5MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 15 January 2025

Summary

Mattermost platforms, specifically versions 10.2.x through 10.2.0, 9.11.x through 9.11.5, 10.0.x through 10.0.3, and 10.1.x through 10.1.3 are susceptible to a vulnerability due to insufficient validation of post properties. This flaw permits a malicious authenticated user to craft a post that could lead to a system crash, potentially causing denial of service and impacting availability.

Affected Version(s)

Mattermost 10.2.0

Mattermost 9.11.0 <= 9.11.5

Mattermost 10.0.0 <= 10.0.3

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 14, 2025

Credit

c0rydoras (c0rydoras)