Input Validation Flaw in Mattermost Affects Multiple Versions
CVE-2025-21088

6.5MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 15 January 2025

Summary

Mattermost contains a vulnerability whereby certain versions do not adequately validate the style of proto used in post.props.attachments. This flaw can be exploited by an attacker sending crafted input that may cause the Mattermost frontend to crash, disrupting services and affecting user experience. Users of the affected versions are urged to upgrade to secure versions to mitigate this risk.

Affected Version(s)

Mattermost 10.2.0

Mattermost 9.11.0 <= 9.11.5

Mattermost 10.0.0 <= 10.0.3

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 15, 2025

Credit

c0rydoras