CVE-2025-6233

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6233
Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://mattermost.com/security-updates
Configurations

No configuration.

History

22 Jul 2025, 13:06

Type Values Removed Values Added
Summary
  • (es) Las versiones de Mattermost 10.8.x &lt;= 10.8.1, 10.7.x &lt;= 10.7.3, 10.5.x &lt;= 10.5.7, 9.11.x &lt;= 9.11.16 no logran depurar las rutas de entrada de los archivos adjuntos en el archivo JSONL de importación masiva, lo que permite que un administrador del sistema lea archivos de sistema arbitrarios a través del path traversal.

18 Jul 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-18 10:15

Updated : 2025-07-22 13:06

NVD link : CVE-2025-6233

Mitre link : CVE-2025-6233

CVE.ORG link : CVE-2025-6233

JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')