Mattermost Path Traversal Vulnerability Allowing Malicious File Placement

Vulnerability

A path traversal vulnerability has been identified in Mattermost versions 10.8.x through 10.8.3, 10.5.x through 10.5.8, 9.11.x through 9.11.17, and 10.9.x through 10.9.2. The issue arises because the application fails to properly sanitize path traversal sequences in template file destination paths. This flaw enables system administrators to conduct path traversal attacks by using malicious path components, potentially leading to the placement of harmful files outside of designated directories.
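The kind of containment check whose absence this describes, as an added Go example. It is not Mattermost's code or its fix. `SafeDestination`, the base directory and the sample destinations are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a destination would land outside the base directory.
var ErrOutsideBase = errors.New("destination escapes base directory")

// SafeDestination (hypothetical helper) joins an untrusted relative destination
// onto baseDir and rejects any result that does not resolve to a path inside baseDir.
func SafeDestination(baseDir, dest string) (string, error) {
	if dest == "" || strings.ContainsRune(dest, 0) {
		return "", ErrOutsideBase
	}
	// Treat backslashes as separators too, so "..\x" is not missed on Unix hosts.
	dest = strings.ReplaceAll(dest, "\\", "/")
	if filepath.IsAbs(dest) || strings.HasPrefix(dest, "/") {
		return "", ErrOutsideBase
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, filepath.FromSlash(dest)) // Join also resolves ".." segments
	// Decide on the resolved path, not the raw input. Rel avoids the prefix
	// pitfall where "/opt/app/templates-old" string-matches "/opt/app/templates".
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

func main() {
	base := "/opt/app/templates" // constructed sample values
	samples := []string{"email/welcome.html", "a/../b.html", "../../etc/cron.d/job",
		"..\\..\\x", "/etc/passwd", "../templates-old/x.html"}
	for _, d := range samples {
		p, err := SafeDestination(base, d)
		fmt.Printf("%-28q -> %q err=%v\n", d, p, err)
	}
}
```

The check is lexical only: it does not resolve symlinks that already exist under the base directory, which needs a separate check before writing.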

Impact

Exploitation of this vulnerability could result in unauthorized file placement outside of intended directories, potentially allowing for further exploitation or disruption of the system.

Remediation

Users can upgrade to Mattermost versions 10.11.0, 10.5.10, 9.11.18, or 10.9.5 to address this vulnerability.

Added: Aug 21, 2025, 8:18 AM
Updated: Aug 21, 2025, 8:18 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.0
exploitability: 4.8
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.