AI description
CVE-2025-20051 is a path traversal vulnerability found in Mattermost Boards, a plugin for the Mattermost platform. This vulnerability allows unauthorized reading of arbitrary files on the affected system by exploiting a block duplication feature. An attacker can create a specially crafted block and, through its duplication, gain access to sensitive files. Versions 10.4.x (up to and including 10.4.1) and 9.11 of Mattermost are known to be affected. This vulnerability was published on February 24, 2025. Mattermost Boards is a plugin used for project management and collaboration within the Mattermost platform, which is an open-source alternative to Slack and Microsoft Teams. The vulnerability arises from improper handling of file paths during the block duplication process. This allows attackers to traverse outside the intended directory and access files they should not have permission to view.
- Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.
- Source: responsibledisclosure@mattermost.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- responsibledisclosure@mattermost.com: CWE-22
- Hype score: Not currently trending
🚨 CVE-2025-20051: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to p—CVSS 9.9 escalates systems. 90% users miss updates (IBM). 45% attacks via XSS (Cisco). Enlist with CyberStrike—fast, elite defense: https://t.co
@taqtics_ai
3 Mar 2025
CVE-2025-20051 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate inp..https://t.co/pHQkQOfJBr #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nv
@cracbot
28 Feb 2025
🚨Alert🚨 CVE-2025-20051/24490/25279: Mattermost Boards Arbitrary File Read Vulnerability in Multiple Versions 📊 95.1K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/WVx0lW1PAP 👇Query HUNTER : https://t.co/q9rtuGgxk7="Mattermost" FOFA :… h
@HunterMapping
27 Feb 2025
🚨 ALERT: Mattermost Users, Patch Now! 🚨 Three nasty vulns just dropped – CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279. Attackers could exploit these to snoop on any file or unleash SQL injection chaos. ZoomEye’s already clocked 35.1k+ exposed instances with this… https
@zoomeye_team
25 Feb 2025
Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks https://t.co/UPqEin5F1b
@Dinosn
25 Feb 2025
⚠️⚠️Critical Mattermost Flaws Expose Systems to File Read and SQL Injection Attacks CVE-2025-20051, CVE-2025-24490, CVE-2025-25279 🎯84k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/bRJ5LAaio1 FOFA Query:app="Mattermost" 🔖… https://
@fofabot
25 Feb 2025
🚨 Mattermost users, wake up! Critical flaws CVE-2025-20051, 24490, 25279 expose your data—CVSS 9.9! Patch now or pay the price. #Cybersecurity #MattermostVuln 👇 https://t.co/3rA0OEoiDh
@_F2po_
24 Feb 2025
👀 VulnWatch Monday: CVE-2025-20051 🔓 CVE-2025-20051 allows an attacker to read any arbitrary file on affected @Mattermost instances via duplicating a specially crafted block in Boards. 🔧 Fix - Download the following versions: 9.11.8, 10.2.3, 10.3.3, 10.4.2, 10.5.0 https://t.
@kpoireault
24 Feb 2025
🚨 CVE-2025-20051 ⚠️🔴 CRITICAL (9.9) 🏢 Mattermost - Mattermost 🏗️ 10.4.0 🔗 https://t.co/kImZIYcYXl #CyberCron #VulnAlert https://t.co/2cU8qWaZUN
@cybercronai
24 Feb 2025
CVE-2025-20051 Mattermost Boards Arbitrary File Read Vulnerability in Multiple Versions https://t.co/y9ntrcDnxu
@VulmonFeeds
24 Feb 2025
CVE-2025-20051 Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, whic… https://t.co/nkerqQoYR0
@CVEnew
24 Feb 2025
[CVE-2025-20051: CRITICAL] Critical security vulnerability in Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 enables reading files via duplicate board feature. #CyberS...#cybersecurity,#vulnerability https://t.co/ifzxTn89vn
@CveFindCom
24 Feb 2025