CVE-2025-9079

High CVSS: 8.0

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory

Vendor

Mattermost

Product

Mattermost Server

CWE

CWE-22

Yayın Tarihi

2025-09-19 20:15:40

Güncelleme

2025-09-25 20:16:04

Source Identifier

responsibledisclosure@mattermost.com

KEV Date Added

Kategoriler

CWE-22 Mattermost Server HIGH Mattermost 2025

Referanslar

https://mattermost.com/security-updates

Benzer Kayıtlar

Medium

CVE-2026-3112

Mattermost versions 11.4.x

Medium

CVE-2026-3113

Mattermost versions 11.4.x

Medium

CVE-2026-3114

Mattermost versions 11.4.x

Medium

CVE-2026-3115

Mattermost versions 11.2.x

High

CVE-2026-3108

Mattermost versions 11.2.x

Medium

CVE-2026-4274

Mattermost versions 11.2.x