CVE-2025-25279
Published: 24 February 2025
Summary
CVE-2025-25279 is a critical-severity Path Traversal (CWE-22) vulnerability in Mattermost Server. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
Mattermost versions 10.4.x up to 10.4.1, 9.11.x up to 9.11.7, 10.3.x up to 10.3.2, and 10.2.x up to 10.2.2 contain a path traversal flaw in the Boards feature. The software fails to validate board blocks during import operations, enabling an attacker to supply a crafted archive that reads arbitrary files from the underlying system when the archive is later exported.
An authenticated user with access to import boards can exploit the weakness over the network without user interaction. Successful exploitation grants the ability to read any file on the server filesystem and, given the CVSS 9.9 rating and scope change, may extend to full confidentiality, integrity, and availability impact.
The official Mattermost security advisory at https://mattermost.com/security-updates addresses the issue and directs administrators to apply the corresponding updates that restore proper validation of board blocks during import and export operations.
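The input-validation gap described above (SI-10 in the mitigations section) is the kind of check a defender expects around any file reference taken from an imported archive. The following is an added, hypothetical Go helper written for this page, not Mattermost's own import code; it assumes that file names inside a board archive are resolved relative to a per-import root directory, and it rejects any name that would resolve outside that root.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrPathEscapesRoot = errors.New("archive entry escapes import root")

// SafeImportPath maps an untrusted file name from an imported board archive onto
// a path under root. It rejects empty names, NUL bytes, absolute paths and any
// name whose cleaned form resolves outside root (e.g. via ".." segments).
// Hypothetical helper for illustration; not Mattermost's own import code.
func SafeImportPath(root, name string) (string, error) {
	if name == "" || strings.ContainsRune(name, 0) {
		return "", errors.New("invalid archive entry name")
	}
	// Treat backslashes as separators too: the archive may have been built on Windows
	// or written to slip past a forward-slash-only check.
	name = strings.ReplaceAll(name, `\`, "/")
	if strings.HasPrefix(name, "/") || filepath.IsAbs(name) {
		return "", ErrPathEscapesRoot
	}
	cleanRoot := filepath.Clean(root)
	// Join cleans the result, collapsing "a/../../etc/passwd" to "<parent>/etc/passwd".
	full := filepath.Join(cleanRoot, filepath.FromSlash(name))
	// Containment check: the path relative to root must not climb out of it.
	rel, err := filepath.Rel(cleanRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathEscapesRoot
	}
	if rel == "." {
		return "", errors.New("archive entry names the import root itself")
	}
	return full, nil
}

func main() {
	root := "/srv/mattermost/boards-import" // constructed root; entry names below are constructed too
	for _, name := range []string{"boards/b1/image.png", "boards/../b1/x.png",
		"../../../etc/passwd", "/etc/passwd", `..\..\secret`, ".."} {
		if p, err := SafeImportPath(root, name); err != nil {
			fmt.Printf("REJECT %-22q %v\n", name, err)
		} else {
			fmt.Printf("ACCEPT %-22q -> %s\n", name, p)
		}
	}
}
```

Pair this with the usual file-handling hygiene (open with O_NOFOLLOW or re-check after resolving symlinks) since lexical cleaning alone does not cover links planted inside the import directory.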
The associated EPSS score has reached a peak of 0.6120 with a current value of 0.5909, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4308
Vulnerability details
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in the Mattermost Boards import allows exploitation of the network-accessible application (T1190) to read arbitrary files from the local system (T1005).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of board import archive blocks to block path traversal payloads that enable arbitrary server file reads.
- SI-2 (Flaw Remediation): mandates timely identification, reporting, and correction of the specific board import validation flaw across affected Mattermost versions.
- RA-5 (Vulnerability Monitoring and Scanning): requires vulnerability scanning of Mattermost installations to detect and remediate this path traversal vulnerability before exploitation.