CVE-2025-8402
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-10-01
Assigner: Mattermost, Inc.
Description
Description
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | mattermost_server | From 9.11.0 (inc) to 9.11.18 (exc) |
| mattermost | mattermost_server | From 10.5.0 (inc) to 10.5.9 (exc) |
| mattermost | mattermost_server | From 10.8.0 (inc) to 10.8.4 (exc) |
| mattermost | mattermost_server | From 10.9.0 (inc) to 10.9.4 (exc) |
| mattermost | mattermost_server | 10.10.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain versions of Mattermost where the system fails to properly validate import data. This flaw allows a system administrator to crash the server by using the bulk import feature.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by crashing the Mattermost server when a system administrator performs a bulk import with invalid data. This disrupts availability but does not affect confidentiality or integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70