- Description
- Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
- Products
- mattermost_server
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- responsibledisclosure@mattermost.com
- CWE-22
- Hype score
- Not currently trending
🚨 CVE-CVE-2025-20051: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to p—CVSS 9.9 escalates systems. 90% users miss updates (IBM). 45% attacks via XSS (Cisco). Enlist with CyberStrike—fast, elite defense: https://t.co
@taqtics_ai
3 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20051 (CVSS:9.9, CRITICAL) is Awaiting Analysis. Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate inp..https://t.co/pHQkQOfJBr #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nv
@cracbot
28 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-20051/24490/25279: Mattermost Boards Arbitrary File Read Vulnerability in Multiple Versions 📊 95.1K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/WVx0lW1PAP 👇Query HUNTER : https://t.co/q9rtuGgxk7="Mattermost" FOFA :… h
@HunterMapping
27 Feb 2025
955 Impressions
1 Retweet
7 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 ALERT: Mattermost Users, Patch Now! 🚨 Three nasty vulns just dropped – CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279. Attackers could exploit these to snoop on any file or unleash SQL injection chaos. ZoomEye’s already clocked 35.1k+ exposed instances with this… https
@zoomeye_team
25 Feb 2025
425 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
Critical Mattermost Flaws (CVE-2025-20051, CVE-2025-24490, CVE-2025-25279) Expose Systems to File Read and SQL Injection Attacks https://t.co/UPqEin5F1b
@Dinosn
25 Feb 2025
2234 Impressions
7 Retweets
17 Likes
3 Bookmarks
0 Replies
0 Quotes
⚠️⚠️Critical Mattermost Flaws Expose Systems to File Read and SQL Injection Attacks CVE-2025-20051, CVE-2025-24490, CVE-2025-25279 🎯84k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/bRJ5LAaio1 FOFA Query:app="Mattermost" 🔖… https://
@fofabot
25 Feb 2025
970 Impressions
7 Retweets
11 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 Mattermost users, wake up! Critical flaws CVE-2025-20051, 24490, 25279 expose your data—CVSS 9.9! Patch now or pay the price. #Cybersecurity #MattermostVuln 👇 https://t.co/3rA0OEoiDh
@_F2po_
24 Feb 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👀 VulnWatch Monday: CVE-2025-20051 🔓 CVE-2025-20051 allows an attacker to read any arbitrary file on affected @Mattermost instances via duplicating a specially crafted block in Boards. 🔧 Fix - Download the following versions: 9.11.8, 10.2.3, 10.3.3, 10.4.2, 10.5.0 https://t.
@kpoireault
24 Feb 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
5 Replies
0 Quotes
🚨 CVE-2025-20051 ⚠️🔴 CRITICAL (9.9) 🏢 Mattermost - Mattermost 🏗️ 10.4.0 🔗 https://t.co/kImZIYcYXl #CyberCron #VulnAlert https://t.co/2cU8qWaZUN
@cybercronai
24 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20051 Mattermost Boards Arbitrary File Read Vulnerability in Multiple Versions https://t.co/y9ntrcDnxu
@VulmonFeeds
24 Feb 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20051 Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, whic… https://t.co/nkerqQoYR0
@CVEnew
24 Feb 2025
463 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-20051: CRITICAL] Critical security vulnerability in Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 enables reading files via duplicate board feature. #CyberS...#cybersecurity,#vulnerability https://t.co/ifzxTn89vn
@CveFindCom
24 Feb 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E229B1F-4D4B-405D-ADAF-831AD561DDE0",
"versionEndExcluding": "9.11.8",
"versionStartIncluding": "9.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC47726-A40F-4485-9DBD-D0E23526BFC6",
"versionEndExcluding": "10.2.3",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B08BF27-E86F-472D-B91C-776E7D9425CB",
"versionEndExcluding": "10.3.3",
"versionStartIncluding": "10.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20456526-878A-4CEA-A563-0D9878ED300C",
"versionEndExcluding": "10.4.2",
"versionStartIncluding": "10.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]