Mattermost Input Validation Vulnerability in Boards Feature Allowing Arbitrary File Read

Vulnerability

A vulnerability exists in Mattermost versions 10.4.x through 10.4.1, 9.11.x through 9.11.7, 10.3.x through 10.3.2, and 10.2.x through 10.2.2. The issue arises from improper input validation when patching and duplicating boards, which enables users to read arbitrary files on the system by duplicating specially crafted blocks in the Boards feature.

Impact

Exploitation of this vulnerability allows for arbitrary file read on the system where Mattermost is running.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.8
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.