AI description
CVE-2025-25279 is a vulnerability in Mattermost Boards, a plugin for the Mattermost team communication platform. It involves improper validation of board blocks during import and export operations. By crafting a malicious import archive, an attacker can exploit this flaw to read arbitrary files on the server's file system. This vulnerability affects Mattermost versions 10.4.x up to 10.4.1, 9.11.x up to 9.11.7, 10.3.x up to 10.3.2, and 10.2.x up to 10.2.2, specifically those with the Boards feature enabled. Exploitation allows an attacker to potentially access sensitive data such as configuration files and system credentials. Patches are available, and it is recommended to update to the latest Mattermost version to mitigate this vulnerability.
- Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.
- Source: responsibledisclosure@mattermost.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- responsibledisclosure@mattermost.com: CWE-22
- Hype score: Not currently trending
CVE-2025-25279 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate boa..https://t.co/EFY4BcOV27 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nv
@cracbot
1 Mar 2025
CVE-2025-25279 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate boa..https://t.co/EFY4BcOV27 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nv
@cracbot
28 Feb 2025
🚨 ALERT: Mattermost Users, Patch Now! 🚨 Three nasty vulns just dropped – CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279. Attackers could exploit these to snoop on any file or unleash SQL injection chaos. ZoomEye’s already clocked 35.1k+ exposed instances with this… https
@zoomeye_team
25 Feb 2025
Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks https://t.co/UPqEin5F1b
@Dinosn
25 Feb 2025
⚠️⚠️Critical Mattermost Flaws Expose Systems to File Read and SQL Injection Attacks CVE-2025-20051, CVE-2025-24490, CVE-2025-25279 🎯84k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/bRJ5LAaio1 FOFA Query:app="Mattermost" 🔖… https://
@fofabot
25 Feb 2025
🚨 CVE-2025-25279 ⚠️🔴 CRITICAL (9.9) 🏢 Mattermost - Mattermost 🏗️ 10.4.0 🔗 https://t.co/kImZIYcYXl #CyberCron #VulnAlert https://t.co/Gq8II6IcZh
@cybercronai
24 Feb 2025
CVE-2025-25279 Mattermost Boards Vulnerability https://t.co/BdE5QSRSFb
@VulmonFeeds
24 Feb 2025
CVE-2025-25279 Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows a… https://t.co/5jmLfsRE69
@CVEnew
24 Feb 2025
[CVE-2025-25279: CRITICAL] Critical cyber security vulnerability in Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 could allow attackers to read any file on the system ...#cybersecurity,#vulnerability https://t.co/c6UxjuI0ti
@CveFindCom
24 Feb 2025