CVE-2025-9081
published 2025-09-19CVE-2025-9081: Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-plugin-boards | >= 0 < 0.0.0-20250716054606-3f3e3becfe1d | 0.0.0-20250716054606-3f3e3becfe1d |
| github.com | mattermost_mattermost-server | >= 10.5.0-rc1 < 10.5.9 | 10.5.9 |
| github.com | mattermost_mattermost-server | >= 10.5.0-rc1+incompatible < 10.5.9+incompatible | 10.5.9+incompatible |
| github.com | mattermost_mattermost-server | >= 9.11.0-rc1 < 9.11.18 | 9.11.18 |
| github.com | mattermost_mattermost-server | >= 9.11.0-rc1+incompatible < 9.11.18+incompatible | 9.11.18+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-20250721095935-11c36f4d1e44 | 8.0.0-20250721095935-11c36f4d1e44 |
| mattermost | mattermost | 10.5.0 – 10.5.8 | — |
| mattermost | mattermost | 9.11.0 – 9.11.17 | — |
| mattermost | mattermost_server | >= 10.5.0 < 10.5.9 | 10.5.9 |
| mattermost | mattermost_server | >= 9.11.0 < 9.11.17 | 9.11.17 |