CVE-2025-4981
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-07-08
Assigner: Mattermost, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | mattermost_server | From 9.11.0 (inc) to 9.11.16 (exc) |
| mattermost | mattermost_server | From 10.5.0 (inc) to 10.5.6 (exc) |
| mattermost | mattermost_server | From 10.6.0 (inc) to 10.6.6 (exc) |
| mattermost | mattermost_server | From 10.7.0 (inc) to 10.7.3 (exc) |
| mattermost | mattermost_server | 10.8.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability can allow an authenticated user to write files anywhere on the server's filesystem by uploading specially crafted archives. This can lead to remote code execution, meaning an attacker could run arbitrary code on the server, potentially compromising the entire system, stealing data, or disrupting services.
Can you explain this vulnerability to me?
This vulnerability in the affected Mattermost 9.11.x, 10.5.x, 10.6.x, 10.7.x and 10.8.x releases listed above allows authenticated users to upload archive files whose entry names contain path traversal sequences. Because the application does not properly sanitize these entry names before writing them out during archive extraction, an attacker can cause files to be written to arbitrary locations on the filesystem. If such files land in sensitive locations, this can lead to remote code execution.
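The defensive check that the Q&A above says was missing, shown as an added Go example (Mattermost is written in Go; this is not Mattermost's own code): every archive entry name is resolved against the extraction directory and rejected if the cleaned result leaves that directory. The destination path and the entry names are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeEntry marks an archive entry name that would resolve outside destDir.
var ErrUnsafeEntry = errors.New("archive entry escapes destination directory")

// SafeExtractPath joins an archive entry name onto destDir and rejects absolute
// names, "../" segments and backslash-separated names that would escape destDir.
// It must run before any file handle is opened for the entry.
func SafeExtractPath(destDir, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) || strings.HasPrefix(name, `\`) {
		return "", ErrUnsafeEntry
	}
	// ZIP entry names must use '/'; treating '\' as a separator as well stops
	// a name such as "..\..\x" from passing a check that only knows "../".
	normalized := filepath.FromSlash(strings.ReplaceAll(name, `\`, "/"))
	destDir = filepath.Clean(destDir)
	target := filepath.Join(destDir, normalized) // Join collapses ".." segments
	rel, err := filepath.Rel(destDir, target)   // safe iff rel does not climb out
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeEntry
	}
	return target, nil
}

// ClassifyEntries splits archive entry names (as read from the archive's
// central directory) into those safe to extract under destDir and those to reject.
func ClassifyEntries(destDir string, names []string) (safe, rejected []string) {
	for _, n := range names {
		if _, err := SafeExtractPath(destDir, n); err != nil {
			rejected = append(rejected, n)
		} else {
			safe = append(safe, n)
		}
	}
	return safe, rejected
}

func main() {
	// Constructed sample entry names: one benign, one benign after cleaning, the rest escaping.
	names := []string{"import/notes.txt", "a/../b.txt", "../../outside.txt",
		`..\..\outside.txt`, "/etc/outside.txt", "import/../../outside.txt"}
	safe, rejected := ClassifyEntries("/srv/mattermost/import", names)
	fmt.Println("safe:", safe)
	fmt.Println("rejected:", rejected)
}
```

Rejecting the whole upload on the first unsafe entry, rather than skipping that entry, is the safer policy because it leaves a clear audit signal and no partially extracted archive behind.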