cbcvebase.
CVE-2025-8023
published 2025-08-21

CVE-2025-8023: Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file…

medium4.9CVSS 3.1
AVNACLPRHUINSUCNIHAN
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file placement outside intended directories.

Affected

19 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 10.5.0 < 10.5.910.5.9
github.commattermost_mattermost-server>= 10.5.0+incompatible < 10.5.9+incompatible10.5.9+incompatible
github.commattermost_mattermost-server>= 10.8.0 < 10.8.410.8.4
github.commattermost_mattermost-server>= 10.8.0+incompatible < 10.8.4+incompatible10.8.4+incompatible
github.commattermost_mattermost-server>= 10.9.0 < 10.9.310.9.3
github.commattermost_mattermost-server>= 10.9.0+incompatible < 10.9.3+incompatible10.9.3+incompatible
github.commattermost_mattermost-server>= 9.11.0 < 9.11.189.11.18
github.commattermost_mattermost-server>= 9.11.0+incompatible < 9.11.18+incompatible9.11.18+incompatible
github.commattermost_mattermost-server_v50 – 5.39.5
github.commattermost_mattermost-server_v60 – 6.7.2
github.commattermost_mattermost_server_v8>= 0 < 8.0.0-20250708065844-b38e2eccda188.0.0-20250708065844-b38e2eccda18
mattermostmattermost10.5.0 – 10.5.8
mattermostmattermost10.8.0 – 10.8.3
mattermostmattermost10.9.0 – 10.9.2
mattermostmattermost9.11.0 – 9.11.17
mattermostmattermost_server>= 10.5.0 < 10.5.910.5.9
mattermostmattermost_server>= 10.8.0 < 10.8.410.8.4
mattermostmattermost_server>= 10.9.0 < 10.9.310.9.3
mattermostmattermost_server>= 9.11.0 < 9.11.189.11.18