CVE-2025-25279
Published: 24 February 2025
Summary
CVE-2025-25279 is a critical-severity Path Traversal (CWE-22) vulnerability in Mattermost Server (vendor: Mattermost), with a CVSS base score of 9.9 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks in the top 1.9% of CVEs by predicted exploit likelihood, but it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- SI-10 (Information Input Validation): directly requires validation of the blocks in a board import archive, so that path traversal payloads which enable arbitrary server file reads are rejected at import time.
- Flaw remediation: mandates timely identification, reporting, and correction of the board import validation flaw across all affected Mattermost versions.
- RA-5 (Vulnerability Monitoring and Scanning): requires vulnerability scanning of Mattermost installations so that instances in the affected version ranges are found and remediated before exploitation.
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
Path traversal in the Mattermost Boards import lets an authenticated attacker exploit the network-accessible application (Exploit Public-Facing Application, T1190) and read arbitrary files from the server's local filesystem (Data from Local System, T1005).
NVD Description
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.
Deeper analysis [AI-generated]
CVE-2025-25279 affects Mattermost versions 10.4.x up to and including 10.4.1, 9.11.x up to and including 9.11.7, 10.3.x up to and including 10.3.2, and 10.2.x up to and including 10.2.2. The vulnerability arises from a failure to properly validate board blocks when importing boards in the Boards feature, classified under CWE-22 (Path Traversal). This flaw allows an attacker to read arbitrary files on the server by importing a specially crafted import archive and then exporting the resulting board. It carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and was published on 2025-02-24.
An authenticated attacker with low privileges (PR:L), meaning any account permitted to import a board, can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). The attacker uploads a board import archive whose blocks carry crafted file references; the import stores those references unchecked, and the subsequent export makes the server read the referenced files and hand them back to the attacker. The scope change (S:C) and the high confidentiality, integrity, and availability ratings (C:H/I:H/A:H) come from the assigned vector; the published description itself documents only the arbitrary file read, so the confidentiality impact (server configuration, secrets, and credentials readable by the Mattermost service account) is the effect to plan around.
Mitigation is to upgrade to a release beyond the affected ranges listed above; details are available in the Mattermost security advisories at https://mattermost.com/security-updates.
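The SI-10 control above calls for validating the file references in imported board blocks, and the analysis describes why: an unchecked reference is joined onto the server's storage path and read back on export. The following Go program is an added illustration of that flaw and its fix, not Mattermost's own code. The `Block` type, the `fileId` field, the storage layout `root/boardID/fileID`, and the sample block lists are all assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Block is a hypothetical, minimal model of a board import block with only the
// fields this example needs. It is not Mattermost's real block schema.
type Block struct {
	ID     string `json:"id"`
	Type   string `json:"type"`
	FileID string `json:"fileId,omitempty"` // assumed name of the attachment reference
}

// ErrTraversal is returned when a file reference would resolve outside the
// board's attachment directory.
var ErrTraversal = errors.New("file reference escapes the board attachment directory")

// resolveUnsafe shows the flawed pattern: the untrusted fileId is joined onto
// the storage root with no validation, so "../" segments walk out of the root.
func resolveUnsafe(root, boardID, fileID string) string {
	return filepath.Join(root, boardID, fileID)
}

// resolveSafe is the hardened form: the reference must be a single path
// element, and the resolved path must still sit under the board's directory.
func resolveSafe(root, boardID, fileID string) (string, error) {
	// A stored attachment name is one path element: no separators, no "." or
	// "..", and no NUL byte (which would truncate the path in the OS call).
	if fileID == "" || fileID == "." || fileID == ".." ||
		strings.ContainsAny(fileID, "/\\\x00") || fileID != filepath.Base(fileID) {
		return "", ErrTraversal
	}
	boardDir, err := filepath.Abs(filepath.Join(root, boardID))
	if err != nil {
		return "", err
	}
	full := filepath.Join(boardDir, fileID)
	// Belt and braces: the cleaned path must be reachable from boardDir
	// without climbing out of it.
	rel, err := filepath.Rel(boardDir, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return full, nil
}

// ValidateImportBlocks parses the block list of an import archive and rejects
// the whole import if any block carries a file reference that would escape the
// board's directory. Rejecting at import time means the crafted reference is
// never stored, so a later export has nothing to read outside the board.
func ValidateImportBlocks(root, boardID string, blocksJSON []byte) ([]Block, error) {
	var blocks []Block
	if err := json.Unmarshal(blocksJSON, &blocks); err != nil {
		return nil, fmt.Errorf("malformed block list: %w", err)
	}
	for _, b := range blocks {
		if b.FileID == "" {
			continue
		}
		if _, err := resolveSafe(root, boardID, b.FileID); err != nil {
			return nil, fmt.Errorf("block %q: %w", b.ID, err)
		}
	}
	return blocks, nil
}

// Constructed sample block lists for the demonstration (not from a real archive).
const (
	benignBlocks  = `[{"id":"b1","type":"card"},{"id":"b2","type":"image","fileId":"7d3f9a.png"}]`
	craftedBlocks = `[{"id":"b1","type":"image","fileId":"../../../../etc/passwd"}]`
)

func main() {
	const root, board = "/data/files", "board1"
	fmt.Println("unsafe resolve:", resolveUnsafe(root, board, "../../../../etc/passwd"))
	for name, data := range map[string]string{"benign": benignBlocks, "crafted": craftedBlocks} {
		blocks, err := ValidateImportBlocks(root, board, []byte(data))
		fmt.Printf("%s import: blocks=%d err=%v\n", name, len(blocks), err)
	}
}
```

The unsafe resolver collapses `/data/files/board1/../../../../etc/passwd` to `/etc/passwd`, which is exactly the read the advisory describes. The safe resolver checks the reference both syntactically (one path element) and after resolution (still under the board directory); either check alone is enough here, but keeping both protects against a later change to how references are stored.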
Details
- CWE(s)