CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4981

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.7%

CVSS Severity

CVSS v3 Score 9.9

References

https://mattermost.com/security-updates

Products affected by CVE-2025-4981

Mattermost » Mattermost Server » Version: 10.5.0

cpe:2.3:a:mattermost:mattermost_server:10.5.0
Mattermost » Mattermost Server » Version: 10.5.1

cpe:2.3:a:mattermost:mattermost_server:10.5.1
Mattermost » Mattermost Server » Version: 10.5.2

cpe:2.3:a:mattermost:mattermost_server:10.5.2
Mattermost » Mattermost Server » Version: 10.5.3

cpe:2.3:a:mattermost:mattermost_server:10.5.3
Mattermost » Mattermost Server » Version: 10.5.4

cpe:2.3:a:mattermost:mattermost_server:10.5.4
Mattermost » Mattermost Server » Version: 10.5.5

cpe:2.3:a:mattermost:mattermost_server:10.5.5
Mattermost » Mattermost Server » Version: 10.6.0

cpe:2.3:a:mattermost:mattermost_server:10.6.0
Mattermost » Mattermost Server » Version: 10.6.1

cpe:2.3:a:mattermost:mattermost_server:10.6.1
Mattermost » Mattermost Server » Version: 10.6.2

cpe:2.3:a:mattermost:mattermost_server:10.6.2
Mattermost » Mattermost Server » Version: 10.6.3

cpe:2.3:a:mattermost:mattermost_server:10.6.3
Mattermost » Mattermost Server » Version: 10.6.4

cpe:2.3:a:mattermost:mattermost_server:10.6.4
Mattermost » Mattermost Server » Version: 10.6.5

cpe:2.3:a:mattermost:mattermost_server:10.6.5
Mattermost » Mattermost Server » Version: 10.7.0

cpe:2.3:a:mattermost:mattermost_server:10.7.0
Mattermost » Mattermost Server » Version: 10.7.1

cpe:2.3:a:mattermost:mattermost_server:10.7.1
Mattermost » Mattermost Server » Version: 10.7.2

cpe:2.3:a:mattermost:mattermost_server:10.7.2
Mattermost » Mattermost Server » Version: 10.8.0

cpe:2.3:a:mattermost:mattermost_server:10.8.0
Mattermost » Mattermost Server » Version: 9.11.0

cpe:2.3:a:mattermost:mattermost_server:9.11.0
Mattermost » Mattermost Server » Version: 9.11.1

cpe:2.3:a:mattermost:mattermost_server:9.11.1
Mattermost » Mattermost Server » Version: 9.11.10

cpe:2.3:a:mattermost:mattermost_server:9.11.10
Mattermost » Mattermost Server » Version: 9.11.11

cpe:2.3:a:mattermost:mattermost_server:9.11.11
Mattermost » Mattermost Server » Version: 9.11.12

cpe:2.3:a:mattermost:mattermost_server:9.11.12
Mattermost » Mattermost Server » Version: 9.11.13

cpe:2.3:a:mattermost:mattermost_server:9.11.13
Mattermost » Mattermost Server » Version: 9.11.14

cpe:2.3:a:mattermost:mattermost_server:9.11.14
Mattermost » Mattermost Server » Version: 9.11.15

cpe:2.3:a:mattermost:mattermost_server:9.11.15
Mattermost » Mattermost Server » Version: 9.11.2

cpe:2.3:a:mattermost:mattermost_server:9.11.2
Mattermost » Mattermost Server » Version: 9.11.3

cpe:2.3:a:mattermost:mattermost_server:9.11.3
Mattermost » Mattermost Server » Version: 9.11.4

cpe:2.3:a:mattermost:mattermost_server:9.11.4
Mattermost » Mattermost Server » Version: 9.11.5

cpe:2.3:a:mattermost:mattermost_server:9.11.5
Mattermost » Mattermost Server » Version: 9.11.6

cpe:2.3:a:mattermost:mattermost_server:9.11.6
Mattermost » Mattermost Server » Version: 9.11.7

cpe:2.3:a:mattermost:mattermost_server:9.11.7
Mattermost » Mattermost Server » Version: 9.11.8

cpe:2.3:a:mattermost:mattermost_server:9.11.8
Mattermost » Mattermost Server » Version: 9.11.9

cpe:2.3:a:mattermost:mattermost_server:9.11.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4981

Products

Pricing

Contact Us