Primary

Context

Mattermost Denial-of-Service Vulnerability in Bulk Import Feature

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Mattermost versions 10.8.x through 10.8.3, 10.5.x through 10.5.8, 9.11.x through 9.11.17, 10.10.x through 10.10.0, and 10.9.x through 10.9.3. The issue arises because these versions fail to properly validate import data, allowing a system administrator to crash the server by exploiting the bulk import feature.

Impact

Exploitation of this vulnerability leads to a server crash, causing a denial-of-service condition.

Remediation

Users can upgrade to Mattermost versions 10.11.0, 10.5.10, 9.11.18, or 10.10.1 to address this vulnerability.

Added: Aug 21, 2025, 5:20 PM

Updated: Aug 21, 2025, 5:20 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mattermost Denial-of-Service Vulnerability in Bulk Import Feature

Vulnerability

Impact

Remediation

Affected Products

Mattermost

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating