- Description
- Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
- Products
- mattermost_server
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- responsibledisclosure@mattermost.com
- CWE-427
- Hype score
- Not currently trending
Mattermost versions up to 10.5.5, 9.11.15, 10.8.0, 10.7.2, and 10.6.5 are vulnerable to arbitrary file write via unsanitized filenames in the archive extractor (CVE-2025-4981). Patching is recommended. #Mattermost #Infosec #CVE https://t.co/XHb0NUS9Dg
@pulsepatchio
13 Mar 2026
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#VulnerabilityReport #CollaborationPlatform Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal https://t.co/MmNCIwFJ8N https://t.co/KbzjPnEVan
@Komodosec
27 Jul 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-4981(CVSS 9.9) : A critical flaw in Mattermost allows authenticated users to achieve RCE via path traversal during archive uploads. 📊113K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/WVx0lW1PAP 👇Query HUNTER :
@HunterMapping
25 Jun 2025
3308 Impressions
10 Retweets
48 Likes
22 Bookmarks
2 Replies
1 Quote
Warning: Critical #Path #Traversal vulnerability in #Mattermost! #CVE-2025-4981 CVSS: 9.9. Authenticated users can exploit this for #RCE under default settings. #RCE! #Patch #Patch #Patch. Read our advisory here: https://t.co/MYOTBbTrUL
@CCBalert
23 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4981: RCE in Mattermost, 9.9 rating 🔥 Recently patched vulnerability in Mattermost allowed attackers to write files to arbitrary locations on the host system. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/d59scIY22t #cybersecurity #vulnerability_map ht
@Netlas_io
23 Jun 2025
133 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-4981(CVSS 9.9)allows authenticated users to write files to arbitrary locations on the host system—opening the door to remote code execution. 🎯97k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/bRJ5LAaio1 FO
@fofabot
23 Jun 2025
2027 Impressions
6 Retweets
23 Likes
10 Bookmarks
0 Replies
0 Quotes
オープンソースのコラボレーションプラットフォームMattermostに、深刻なリモートコード実行の脆弱性(CVE-2025-4981など)が発見された。 CVSSスコアは9.9で、認証済みユーザーが任意のファイルをホスト上に書き
@yousukezan
21 Jun 2025
625 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A critical flaw (CVE-2025-4981, CVSS 9.9) in Mattermost allows authenticated users to achieve RCE via path traversal during archive uploads. Update immediately! #Mattermost #RCE #Cybersecurity #OpenSource #Vulnerability https://t.co/6EUfPZYuE8
@the_yellow_fall
21 Jun 2025
1855 Impressions
8 Retweets
23 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-4981 Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which … https://t.co/GhlB06rIaj
@CVEnew
20 Jun 2025
366 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4981: CRITICAL] Critical security vulnerability in Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 allows remote code execution. Update now!#cve,CVE-2025-4981,#cybersecurity https://t.co/wlTeMH
@CveFindCom
20 Jun 2025
71 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CEF0379-7E63-452C-8084-067092A25D92",
"versionEndExcluding": "9.11.16",
"versionStartIncluding": "9.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77EE1558-3E63-4178-90EB-DBC8F99B75AB",
"versionEndExcluding": "10.5.6",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1A952E-F96B-4D50-B8FD-7CAFFE73263F",
"versionEndExcluding": "10.6.6",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28D55588-A52A-4ADD-AC90-A46BED4555A1",
"versionEndExcluding": "10.7.3",
"versionStartIncluding": "10.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:10.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "20DB174F-F76D-49F1-BB44-638A5FA71CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:10.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "51CA3B67-FE72-49C2-97EA-D7D86F3991EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:10.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8C4DBC6F-061B-4844-9E80-596D4890DA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:10.8.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AA2C469A-7A94-4C55-9738-21C16B8C0817",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]