
CVE-2025-20051

Severity: Critical

Published: 24 February 2025
Modified: 18 August 2025
KEV Added: not listed (not in the CISA KEV catalog)
Patch: see the vendor advisories at https://mattermost.com/security-updates
CVSS Score v3.1: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.8th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-20051 is a critical-severity path traversal (CWE-22) vulnerability in Mattermost Server (vendor: Mattermost). Its CVSS v3.1 base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 48.8th percentile by EPSS exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-20051 affects Mattermost versions 10.4.x up to and including 10.4.1, 9.11.x up to and including 9.11.7, 10.3.x up to and including 10.3.2, and 10.2.x up to and including 10.2.2. The vulnerability stems from missing input validation when a board is patched or duplicated in the Boards feature, and is classified as CWE-22 (path traversal). An authenticated user can read arbitrary files on the server's file system by duplicating a specially crafted block. It carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), marking it as critical.

Exploitation requires an authenticated user with low privileges (PR:L), is performed remotely over the network (AV:N) with low attack complexity (AC:L), and needs no user interaction (UI:N). The scope is changed (S:C), so the impact extends beyond the vulnerable component: high confidentiality loss through arbitrary file reads, together with high integrity and availability impact (C:H/I:H/A:H).

Mattermost advisories provide further details on patches and mitigation at https://mattermost.com/security-updates. The CVE was published on 2025-02-24T08:15:10.087.

Vulnerability details

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

CWE(s)

CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Path traversal enables direct arbitrary file reads on the server, mapping to data collection from local system sources.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25279 (same product: Mattermost Server)
CVE-2026-4858 (same product: Mattermost Server)
CVE-2026-6346 (same product: Mattermost Server)
CVE-2025-1412 (same product: Mattermost Server)
CVE-2025-25068 (same product: Mattermost Server)
CVE-2026-3108 (same product: Mattermost Server)
CVE-2026-2454 (same product: Mattermost Server)
CVE-2026-24458 (same product: Mattermost Server)
CVE-2025-12419 (same product: Mattermost Server)
CVE-2025-24490 (same product: Mattermost Server)

Affected Assets

Vendor: mattermost
Product: mattermost server
Versions: 9.11.0 — 9.11.8 · 10.2.0 — 10.2.3 · 10.3.0 — 10.3.3

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-10 (Information Input Validation). Directly requires input validation mechanisms at system entry points to prevent path traversal attacks via specially crafted blocks during board patching and duplication.

Prevent: SI-2 (Flaw Remediation). Mandates timely identification, reporting, and patching of software flaws like the input validation failure in vulnerable Mattermost versions.

Prevent: Enforces approved access authorizations for system resources, mitigating unauthorized arbitrary file reads even if path traversal input is processed.
