CVE-2025-20051 - Vulnerability Details - OpenCVE

ReportizFlow

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mattermost	Mattermost Mattermost Server

Configuration 1 [-]

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::

No data.

References

Link	Providers
https://mattermost.com/security-updates

History

Mon, 18 Aug 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mattermost mattermost Server
CPEs		cpe:2.3:a:mattermost:mattermost_server::::::::
Vendors & Products		Mattermost mattermost Server

Mon, 24 Feb 2025 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 24 Feb 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.
Title		Arbitrary file read via block duplication in Mattermost Boards
Weaknesses		CWE-22
References		https://mattermost.com/security-updates
Metrics		cvssV3_1 `{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2025-02-24T07:27:23.182Z

Updated: 2025-02-24T11:20:04.651Z

Reserved: 2025-02-18T11:11:14.668Z

Link: CVE-2025-20051

Vulnrichment

Updated: 2025-02-24T11:19:59.832Z

NVD

Status : Analyzed

Published: 2025-02-24T08:15:10.087

Modified: 2025-08-18T18:22:38.053

Link: CVE-2025-20051

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20051", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2025-02-18T11:11:14.668Z", "datePublished": "2025-02-24T07:27:23.182Z", "dateUpdated": "2025-02-24T11:20:04.651Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.4.1", "status": "affected", "version": "10.4.0", "versionType": "semver"}, {"lessThanOrEqual": "9.11.7", "status": "affected", "version": "9.11.0", "versionType": "semver"}, {"lessThanOrEqual": "10.3.2", "status": "affected", "version": "10.3.0", "versionType": "semver"}, {"lessThanOrEqual": "10.2.2", "status": "affected", "version": "10.2.0", "versionType": "semver"}, {"status": "unaffected", "version": "10.5.0"}, {"status": "unaffected", "version": "10.4.2"}, {"status": "unaffected", "version": "9.11.8"}, {"status": "unaffected", "version": "10.3.3"}, {"status": "unaffected", "version": "10.2.3"}]}], "credits": [{"lang": "en", "type": "finder", "value": "visat"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.</p>"}], "value": "Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-02-24T07:27:23.182Z"}, "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Update Mattermost to versions 10.5.0, 10.4.2, 9.11.8, 10.3.3, 10.2.3 or higher. Alternatively, update the Mattermost Boards plugin to v9.0.5 or higher.</p>"}], "value": "Update Mattermost to versions 10.5.0, 10.4.2, 9.11.8, 10.3.3, 10.2.3 or higher. Alternatively, update the Mattermost Boards plugin to v9.0.5 or higher."}], "source": {"advisory": "MMSA-2025-00429", "defect": ["https://mattermost.atlassian.net/browse/MM-62644"], "discovery": "EXTERNAL"}, "title": "Arbitrary file read via block duplication in Mattermost Boards", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-24T11:19:25.280356Z", "id": "CVE-2025-20051", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T11:20:04.651Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20051", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-24T11:19:25.280356Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T11:19:59.832Z"}}], "cna": {"title": "Arbitrary file read via block duplication in Mattermost Boards", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-62644"], "advisory": "MMSA-2025-00429", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "visat"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "10.4.0", "versionType": "semver", "lessThanOrEqual": "10.4.1"}, {"status": "affected", "version": "9.11.0", "versionType": "semver", "lessThanOrEqual": "9.11.7"}, {"status": "affected", "version": "10.3.0", "versionType": "semver", "lessThanOrEqual": "10.3.2"}, {"status": "affected", "version": "10.2.0", "versionType": "semver", "lessThanOrEqual": "10.2.2"}, {"status": "unaffected", "version": "10.5.0"}, {"status": "unaffected", "version": "10.4.2"}, {"status": "unaffected", "version": "9.11.8"}, {"status": "unaffected", "version": "10.3.3"}, {"status": "unaffected", "version": "10.2.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 10.5.0, 10.4.2, 9.11.8, 10.3.3, 10.2.3 or higher. Alternatively, update the Mattermost Boards plugin to v9.0.5 or higher.", "supportingMedia": [{"type": "text/html", "value": "<p>Update Mattermost to versions 10.5.0, 10.4.2, 9.11.8, 10.3.3, 10.2.3 or higher. Alternatively, update the Mattermost Boards plugin to v9.0.5 or higher.</p>", "base64": false}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.", "supportingMedia": [{"type": "text/html", "value": "<p>Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-02-24T07:27:23.182Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20051", "state": "PUBLISHED", "dateUpdated": "2025-02-24T11:20:04.651Z", "dateReserved": "2025-02-18T11:11:14.668Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2025-02-24T07:27:23.182Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E229B1F-4D4B-405D-ADAF-831AD561DDE0", "versionEndExcluding": "9.11.8", "versionStartIncluding": "9.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDC47726-A40F-4485-9DBD-D0E23526BFC6", "versionEndExcluding": "10.2.3", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B08BF27-E86F-472D-B91C-776E7D9425CB", "versionEndExcluding": "10.3.3", "versionStartIncluding": "10.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "20456526-878A-4CEA-A563-0D9878ED300C", "versionEndExcluding": "10.4.2", "versionStartIncluding": "10.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards."}, {"lang": "es", "value": " Las versiones de Mattermost 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 no pueden validar correctamente la entrada al parchar y duplicar una tablero, lo que permite a un usuario leer cualquier archivo arbitrario en el sistema mediante la duplicaci\u00f3n de un bloque especialmente manipulado en tableros."}], "id": "CVE-2025-20051", "lastModified": "2025-08-18T18:22:38.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-02-24T08:15:10.087", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Secondary"}]}