Path Traversal Vulnerability in Mattermost by Mattermost Inc.
CVE-2025-8023

6.8 MEDIUM

Key Information:

Vendor: Mattermost
CVE Published: 21 August 2025

What is CVE-2025-8023?

Certain versions of Mattermost fail to sanitize path traversal sequences in template file destination paths. This flaw allows a system administrator to use maliciously crafted path components to place files outside the intended directory structure. Organizations using these vulnerable versions are at risk of significant file management issues, potentially compromising the integrity of their system.
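The class of check that is missing here can be shown as an added example (this is not Mattermost's code or its fix): a destination path is joined under a base directory and rejected if it resolves outside it. The function names, the base directory and the sample paths are assumptions made for illustration, and the paths assume a Unix-like host.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesBase is returned when a destination resolves outside the base directory.
var ErrEscapesBase = errors.New("destination escapes base directory")

// naiveDest (hypothetical) joins without a containment check. filepath.Join
// resolves ".." components, so the result can point above base.
func naiveDest(base, rel string) string {
	return filepath.Join(base, rel)
}

// safeDest (hypothetical) rejects absolute paths and any relative path that
// resolves outside base. It compares cleaned paths only; symlinks inside base
// are not resolved and would need a separate check.
func safeDest(base, rel string) (string, error) {
	if filepath.IsAbs(rel) {
		return "", ErrEscapesBase
	}
	base = filepath.Clean(base)
	dest := filepath.Join(base, rel)
	r, err := filepath.Rel(base, dest)
	up := ".." + string(filepath.Separator)
	if err != nil || r == ".." || strings.HasPrefix(r, up) {
		return "", ErrEscapesBase
	}
	return dest, nil
}

func main() {
	base := "/srv/app/templates" // constructed sample base directory
	samples := []string{"emails/welcome.html", "../../etc/cron.d/job", "emails/../../templates-old/x.html"}
	for _, rel := range samples {
		dest, err := safeDest(base, rel)
		fmt.Printf("%-36q naive=%-30q safe=%q err=%v\n", rel, naiveDest(base, rel), dest, err)
	}
}
```

Checking the result of `filepath.Rel` rather than a string prefix of the joined path is what catches the sibling-directory case (`templates-old`), which a plain `strings.HasPrefix(dest, base)` test would accept.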

Affected Version(s)

Mattermost 10.8.0 <= 10.8.3

Mattermost 10.5.0 <= 10.5.8

Mattermost 9.11.0 <= 9.11.17

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dawid Kulikowski (daw10)