AI description
CVE-2025-24490 is a SQL injection vulnerability affecting Mattermost versions 10.4.1, 9.11.7, 10.3.2, and 10.2.2 (and earlier releases in those branches). It stems from the failure to use prepared statements in the SQL query that reorders boards categories. This flaw allows an attacker to craft board category ID reordering requests that extract data from the Mattermost database. The vulnerability resides in the Boards Category Handler component; exploitation involves manipulating an unspecified input value, which leads to the SQL injection. The attack can be initiated remotely and is reportedly easy to exploit. Updating to the latest version of Mattermost is the recommended mitigation.
- Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query for boards reordering, which allows an attacker to retrieve data from the database via SQL injection when reordering specially crafted boards categories.
- Source: responsibledisclosure@mattermost.com
- NVD status: Received
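The descriptions above name the weakness (CWE-89: request-supplied category IDs reaching the SQL text because the reordering query did not use prepared statements) without showing what that pattern looks like. The following is an added illustration, not Mattermost's code or schema: a constructed `category` table in SQLite, a "which categories does this user own among the requested IDs" query built the weak way (string formatting of the ID list) beside the hardened way (one bound placeholder per ID), and a check that the same crafted ID changes the meaning of the first query but is treated as an ordinary literal by the second. The table, IDs and `CRAFTED_ID` are all constructed for the example.

```python
import sqlite3

# Constructed sample data for this illustration (not Mattermost's schema):
# category id, owning user, and current sort position.
SAMPLE_ROWS = [
    ("cat-a", "user-1", 0),
    ("cat-b", "user-1", 1),
    ("cat-c", "user-2", 0),
]

# Hypothetical crafted category ID: closes the quoted IN list and appends a
# condition that is always true, so the weak query matches every row.
CRAFTED_ID = "x') OR ('1'='1"


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE category (id TEXT PRIMARY KEY, user_id TEXT, sort_order INTEGER)"
    )
    conn.executemany("INSERT INTO category VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def categories_to_reorder_vulnerable(conn, user_id, category_ids):
    """Weak form (CWE-89): request-supplied IDs are pasted into the SQL text."""
    quoted = ", ".join(f"'{cid}'" for cid in category_ids)
    sql = (
        f"SELECT id FROM category WHERE user_id = '{user_id}' "
        f"AND id IN ({quoted}) ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def categories_to_reorder_prepared(conn, user_id, category_ids):
    """Hardened form: one placeholder per ID; values are bound, never parsed as SQL."""
    if not category_ids:
        # Edge case: an empty IN list is never built, the caller simply gets nothing.
        return []
    placeholders = ", ".join("?" for _ in category_ids)
    sql = (
        "SELECT id FROM category WHERE user_id = ? "
        f"AND id IN ({placeholders}) ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql, [user_id, *category_ids])]


def compare(user_id, category_ids):
    """Run both forms on a fresh database and return their results side by side."""
    conn = make_db()
    return {
        "vulnerable": categories_to_reorder_vulnerable(conn, user_id, category_ids),
        "prepared": categories_to_reorder_prepared(conn, user_id, category_ids),
    }


if __name__ == "__main__":
    print("benign input:", compare("user-1", ["cat-a", "cat-b"]))
    print("crafted input:", compare("user-1", [CRAFTED_ID]))
```

With benign IDs both forms return the same rows. With the crafted ID the weak form returns rows belonging to another user, because the ID was parsed as part of the WHERE clause, while the prepared form returns nothing, because the driver compares the whole crafted string against `id` as a value. A variable-length IN list is a common reason developers fall back to string building; the fix is to generate the placeholder list from the number of IDs and pass the IDs as parameters, as the hardened function does.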
CVSS 3.1
- Type: Secondary
- Base score: 9.6
- Impact score: 5.8
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
- Severity: CRITICAL
- Source: responsibledisclosure@mattermost.com
- Weakness: CWE-89 (SQL Injection)
- Hype score: Not currently trending
CVE-2025-24490 (CVSS:9.6, CRITICAL) is Awaiting Analysis. Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statemen..https://t.co/eHfNLHNvip #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nv
@cracbot, 1 Mar 2025 (6 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
CVE-2025-24490 (CVSS:9.6, CRITICAL) is Awaiting Analysis. Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statemen..https://t.co/eHfNLHNvip #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nv
@cracbot, 28 Feb 2025 (8 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
🚨 ALERT: Mattermost Users, Patch Now! 🚨 Three nasty vulns just dropped – CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279. Attackers could exploit these to snoop on any file or unleash SQL injection chaos. ZoomEye’s already clocked 35.1k+ exposed instances with this… https
@zoomeye_team, 25 Feb 2025 (425 impressions, 1 retweet, 5 likes, 1 bookmark, 0 replies, 0 quotes)
Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks https://t.co/UPqEin5F1b
@Dinosn, 25 Feb 2025 (2234 impressions, 7 retweets, 17 likes, 3 bookmarks, 0 replies, 0 quotes)
⚠️⚠️Critical Mattermost Flaws Expose Systems to File Read and SQL Injection Attacks CVE-2025-20051, CVE-2025-24490, CVE-2025-25279 🎯84k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/bRJ5LAaio1 FOFA Query:app="Mattermost" 🔖… https://
@fofabot, 25 Feb 2025 (970 impressions, 7 retweets, 11 likes, 4 bookmarks, 0 replies, 0 quotes)
🚨 CVE-2025-24490 ⚠️🔴 CRITICAL (9.6) 🏢 Mattermost - Mattermost 🏗️ 10.4.0 🔗 https://t.co/kImZIYcYXl #CyberCron #VulnAlert https://t.co/KWXOpq3dO5
@cybercronai, 24 Feb 2025 (16 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
CVE-2025-24490 Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards reordering which… https://t.co/7T8PvYnt8W
@CVEnew, 24 Feb 2025 (443 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
[CVE-2025-24490: CRITICAL] Critical security vulnerability in Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2. SQL injection can expose sensitive data. Update immediately. #cybersecurity, #vulnerability https://t.co/iLdnG4JY0a
@CveFindCom, 24 Feb 2025 (51 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)