Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates |
Configurations
No configuration.
History
22 Aug 2025, 18:08
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Aug 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-08-21 17:15
Updated : 2025-08-22 18:08
NVD link : CVE-2025-6465
Mitre link : CVE-2025-6465
CVE.ORG link : CVE-2025-6465
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')