CVE-2025-20051
Published: 24 February 2025
Summary
CVE-2025-20051 is a critical-severity Path Traversal (CWE-22) vulnerability in Mattermost Server. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). It ranks at the 48.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires input validation mechanisms at system entry points to prevent path traversal attacks via specially crafted blocks during board patching and duplication.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and patching of software flaws such as the input validation failure in vulnerable Mattermost versions.
- Access enforcement: enforces approved access authorizations for system resources, mitigating unauthorized arbitrary file reads even if path traversal input is processed.
MITRE ATT&CK Enterprise Techniques
- Data from Local System (T1005)
Why these techniques?
Path traversal enables direct arbitrary file reads on the server, which maps to data collection from local system sources.
NVD Description
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.
Deeper analysis
CVE-2025-20051 affects Mattermost versions 10.4.x up to and including 10.4.1, 9.11.x up to 9.11.7, 10.3.x up to 10.3.2, and 10.2.x up to 10.2.2. The vulnerability arises from a failure to properly validate input during patching and duplicating operations in the Boards feature, classified under CWE-22 (path traversal). This allows an attacker to read arbitrary files on the system by duplicating a specially crafted block. It carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), marking it as critical.
Exploitation requires an authenticated user with low privileges (PR:L) and can be performed remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). The attack changes scope (S:C), so its impact reaches beyond the vulnerable component: high confidentiality loss through arbitrary file reads, together with high integrity and availability impact (C:H/I:H/A:H).
Mattermost advisories provide further details on patches and mitigation at https://mattermost.com/security-updates. The CVE was published on 2025-02-24T08:15:10.087.
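As an added defensive illustration (not Mattermost's code and not the vendor's patch), the Go function below shows the containment check that the SI-10 input-validation control calls for when a file reference carried in a user-supplied block is resolved against the server's files directory. The `ResolveBlockFile` name, the root path `/srv/mattermost/data` and the sample references are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrPathEscapesRoot is returned when a reference would resolve outside the files root.
var ErrPathEscapesRoot = errors.New("requested path escapes the files root")

// ResolveBlockFile maps a user-controlled file reference (for example one embedded in a
// board block being patched or duplicated) onto a path inside filesRoot. The reference is
// never joined blindly: absolute forms are rejected, both separator styles are normalised,
// and the cleaned result is checked for containment with filepath.Rel.
// Hypothetical helper; if filesRoot may contain symlinks, also apply filepath.EvalSymlinks.
func ResolveBlockFile(filesRoot, requested string) (string, error) {
	if requested == "" || strings.ContainsRune(requested, 0) {
		return "", errors.New("empty or malformed file reference")
	}
	// Treat "..\" exactly like "../" so the check does not depend on the host OS.
	normalised := strings.ReplaceAll(requested, "\\", "/")
	if filepath.IsAbs(normalised) || strings.HasPrefix(normalised, "/") {
		return "", ErrPathEscapesRoot
	}
	root, err := filepath.Abs(filepath.Clean(filesRoot))
	if err != nil {
		return "", err
	}
	full := filepath.Join(root, filepath.FromSlash(normalised)) // Join also cleans ".." segments
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathEscapesRoot
	}
	return full, nil
}

func main() {
	// Constructed sample references: one legitimate attachment path and three traversal attempts.
	for _, ref := range []string{"boards/b1/attachment.png", "../../etc/passwd", "/etc/shadow", "a/../../x"} {
		p, err := ResolveBlockFile("/srv/mattermost/data", ref)
		fmt.Printf("%-28q -> %q err=%v\n", ref, p, err)
	}
}
```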
Details
- CWE(s)