CVE-2025-6465

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6465
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:10.10.0:-:*:*:*:*:*:*
History

No history.

Information

Published : 2025-08-21 17:15

Updated : 2025-10-02 19:49

NVD link : CVE-2025-6465

Mitre link : CVE-2025-6465

CVE.ORG link : CVE-2025-6465

JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')