Mattermost
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*
- >= 10.5.0, <= 10.5.5
- >= 9.11.0, <= 9.11.15
- >= 10.8.0, <= 10.8.0
- >= 10.7.0, <= 10.7.2
- >= 10.6.0, <= 10.6.5
A vulnerability exists in Mattermost versions 10.5.x through 10.5.5, 9.11.x through 9.11.15, 10.8.x through 10.8.0, 10.7.x through 10.7.2, and 10.6.x through 10.6.5. These versions do not sanitize filenames in the archive extractor, so an authenticated user can upload an archive whose entry names contain path traversal sequences and have the extractor write files to arbitrary locations on the filesystem, which could potentially lead to remote code execution. The vulnerability is reachable only on instances where file uploads and document content extraction are enabled, settings that are typically activated by default.
Exploitation of this vulnerability could result in unauthorized file writes to the filesystem, with the potential for remote code execution.
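As an added defensive example (not Mattermost's own code), this is the check an archive extractor should apply to every entry name before writing it under the extraction directory, written in Go because Mattermost is a Go application; the extraction root, the entry names and the ZIP built by `buildArchive` are constructed for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// SafeTarget resolves an archive entry name against root and rejects anything that would
// escape it ("../" sequences, absolute paths, backslash variants); returns the clean path.
func SafeTarget(root, entryName string) (string, error) {
	name := strings.ReplaceAll(entryName, `\`, "/")       // catch "..\" on every platform
	dest := filepath.Join(root, filepath.FromSlash(name)) // Join also Cleans ".." away
	rel, err := filepath.Rel(root, dest)                  // safe iff rel stays below root
	if name == "" || strings.HasPrefix(name, "/") || filepath.VolumeName(name) != "" ||
		err != nil || rel == "." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("unsafe archive entry %q", entryName)
	}
	return dest, nil
}

// CheckArchive returns the entry names of an in-memory ZIP that SafeTarget rejects,
// without extracting anything; an extractor should refuse the whole archive on any hit.
func CheckArchive(data []byte, root string) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && err != zip.ErrInsecurePath { // we apply our own name check above
		return nil, err
	}
	var bad []string
	for _, f := range zr.File {
		if _, err := SafeTarget(root, f.Name); err != nil {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

// buildArchive is constructed sample input: a ZIP with caller-chosen entry names.
func buildArchive(names []string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, n := range names {
		zw.Create(n) // empty entry; only the name matters here
	}
	zw.Close()
	return buf.Bytes()
}

func main() { fmt.Println(CheckArchive(buildArchive([]string{"ok.txt", "../../evil.sh", "sub/fine.md"}), "/srv/extract")) }
```

The same check applies to tar entries; symlink entries need a separate check that the link target also resolves inside the root.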