CVE-2025-6233

Published Jul 18, 2025

Last updated 12 hours ago

CVSS medium 6.8

Overview

Description
Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal.
Source
responsibledisclosure@mattermost.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
4
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

responsibledisclosure@mattermost.com
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2025-6233 Path Traversal in Mattermost Bulk Import Feature Allows Arbitrary File Read https://t.co/iVedFxuC6U

    @VulmonFeeds

    18 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.