CVE-2025-8402: Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a…

medium4.9CVSS 3.1

AVNACLPRHUINSUCNINAH

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
github.com	mattermost_mattermost-server	>= 10.10.0 < 10.10.1	10.10.1
github.com	mattermost_mattermost-server	>= 10.10.0+incompatible < 10.10.1+incompatible	10.10.1+incompatible
github.com	mattermost_mattermost-server	>= 10.5.0 < 10.5.9	10.5.9
github.com	mattermost_mattermost-server	>= 10.5.0+incompatible < 10.5.9+incompatible	10.5.9+incompatible
github.com	mattermost_mattermost-server	>= 10.8.0 < 10.8.4	10.8.4
github.com	mattermost_mattermost-server	>= 10.8.0+incompatible < 10.8.4+incompatible	10.8.4+incompatible
github.com	mattermost_mattermost-server	>= 10.9.0 < 10.9.4	10.9.4
github.com	mattermost_mattermost-server	>= 10.9.0+incompatible < 10.9.4+incompatible	10.9.4+incompatible
github.com	mattermost_mattermost-server	>= 9.11.0 < 9.11.18	9.11.18
github.com	mattermost_mattermost-server	>= 9.11.0+incompatible < 9.11.18+incompatible	9.11.18+incompatible
github.com	mattermost_mattermost-server_v5	0 – 5.39.3	—
github.com	mattermost_mattermost-server_v6	0 – 6.7.2	—
github.com	mattermost_mattermost_server_v8	>= 0 < 8.0.0-20250708173752-d6b35c41f0ae5	8.0.0-20250708173752-d6b35c41f0ae5
mattermost	mattermost	—	—
mattermost	mattermost	10.5.0 – 10.5.8	—
mattermost	mattermost	10.8.0 – 10.8.3	—
mattermost	mattermost	10.9.0 – 10.9.3	—
mattermost	mattermost	9.11.0 – 9.11.17	—
mattermost	mattermost_server	—	—
mattermost	mattermost_server	>= 10.5.0 < 10.5.9	10.5.9
mattermost	mattermost_server	>= 10.8.0 < 10.8.4	10.8.4
mattermost	mattermost_server	>= 10.9.0 < 10.9.4	10.9.4
mattermost	mattermost_server	>= 9.11.0 < 9.11.18	9.11.18