CVE-2025-8023
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-25
Assigner: Mattermost, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | mattermost_server | From 9.11.0 (inc) to 9.11.18 (exc) |
| mattermost | mattermost_server | From 10.5.0 (inc) to 10.5.9 (exc) |
| mattermost | mattermost_server | From 10.8.0 (inc) to 10.8.4 (exc) |
| mattermost | mattermost_server | From 10.9.0 (inc) to 10.9.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, and 10.9.x <= 10.9.2 fail to sanitize path traversal sequences (such as `../`) in the destination path supplied for template files. An authenticated user holding the system admin role can therefore give a destination that resolves outside the intended template directory and have the server write the file there. The precondition is system admin privileges, so this is not an unauthenticated remote issue; it is a privilege-boundary problem that turns an application-level admin role into file writes elsewhere on the host. Going by the affected-version ranges above, the fix ships in 9.11.18, 10.5.9, 10.8.4 and 10.9.3.
How can this vulnerability impact me?
A malicious or compromised system administrator account can place files outside the directories Mattermost intends for templates, limited only by where the Mattermost service account has write access. Depending on what is written and where, that can overwrite existing files or drop new ones in locations other components trust, compromising the integrity of the server. Operators should upgrade to a fixed release and, until then, treat the system admin role as equivalent to file-system write access on the Mattermost host.
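The following Go program is an added illustration of the CWE-22 pattern described above and of the check that prevents it. It is not Mattermost's code: the function names, the base directory `/opt/mattermost/templates`, and the sample destination paths are all assumptions made for the example. The vulnerable form joins the caller-supplied destination onto the base directory with no check, and `filepath.Join` happily collapses `../` segments into a path outside the base; the hardened form resolves the path and rejects anything that does not stay under the base directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a destination escapes the template directory.
var ErrTraversal = errors.New("destination path escapes template directory")

// ErrNoFileName is returned when the destination names the directory itself.
var ErrNoFileName = errors.New("destination path names no file")

// vulnerableDestination shows the CWE-22 mistake: a caller-controlled path
// is joined onto the base directory with no containment check.
// filepath.Join cleans the result, so "../" segments walk out of baseDir
// instead of being rejected. (Illustrative only; not Mattermost's code.)
func vulnerableDestination(baseDir, userPath string) string {
	return filepath.Join(baseDir, userPath)
}

// safeDestination resolves the requested path and refuses anything that
// does not remain underneath baseDir. The check is lexical: it relies on
// Join/Rel having already collapsed ".." and "." segments.
func safeDestination(baseDir, userPath string) (string, error) {
	// An absolute destination is never acceptable from a caller.
	if filepath.IsAbs(userPath) {
		return "", ErrTraversal
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, userPath)

	// Rel gives the path from base to full; a leading ".." means we escaped.
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", ErrTraversal
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	if rel == "." {
		return "", ErrNoFileName
	}
	return full, nil
}

func main() {
	// Hypothetical base directory and sample inputs, constructed for this example.
	const base = "/opt/mattermost/templates"
	inputs := []string{
		"welcome/email.html",      // legitimate relative destination
		"sub/../email.html",       // ".." that stays inside the base: allowed
		"../../../etc/cron.d/evil", // classic traversal
		"..",                      // walks to the parent directory
		"/etc/passwd",             // absolute path
	}
	for _, in := range inputs {
		fmt.Printf("input %q\n", in)
		fmt.Printf("  unchecked join -> %s\n", vulnerableDestination(base, in))
		if out, err := safeDestination(base, in); err != nil {
			fmt.Printf("  hardened       -> rejected: %v\n", err)
		} else {
			fmt.Printf("  hardened       -> %s\n", out)
		}
	}
}
```

Two caveats for anyone adapting this. The check above is purely lexical: if a directory inside the base is a symlink pointing elsewhere, the write still lands outside it, so resolve the parent with `filepath.EvalSymlinks` before the containment check when symlinks are a concern. And the check must run on the exact string that is passed to the write call; validating one copy and opening another is how these bugs survive review.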