AI description
CVE-2025-9079 is a path traversal vulnerability affecting Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, and 10.9.x <= 10.9.3. The vulnerability stems from a failure to validate the import directory path configuration. This flaw allows admin users to execute arbitrary code by uploading malicious plugins to the prepackaged plugins directory. Exploitation could lead to complete system compromise, unauthorized access, data manipulation, or service disruption. Patches are available for the vulnerability in versions 10.8.4, 10.5.9, 9.11.18, 10.10.2, and 10.9.4.
- Description: Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate the import directory path configuration, which allows admin users to execute arbitrary code via malicious plugin upload to the prepackaged plugins directory.
- Source: responsibledisclosure@mattermost.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8
- Impact score: 6
- Exploitability score: 1.3
- Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity: HIGH
- responsibledisclosure@mattermost.com
- CWE-22
- Hype score: Not currently trending
CVE-2025-9079: Path Traversal in Mattermost, 8.0 rating❗️ A vulnerability in some versions of Mattermost allows attackers to execute arbitrary code via a malicious plugin. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/JSoNGjAlqw https://t.co/6BAtBybQ2G
@Netlas_io
22 Sept 2025
CVE-2025-9079 Arbitrary Code Execution via Malicious Plugin Upload in Mattermost Versions Below 10.10.2 https://t.co/ReVaHkCf4a
@VulmonFeeds
19 Sept 2025