February 25 Advisory: Multiple Critical Vulnerabilities in Mattermost Collaboration Software

Three critical vulnerabilities have been discovered in Mattermost affecting its boards feature, potentially leading to arbitrary file reads and SQL injection attacks. Patches have been released, and no active exploitation has been reported.

Affected: Mattermost, collaboration platforms, software users

Key points:

  • Critical vulnerabilities identified in Mattermost, an open-source collaboration platform.
  • CVE-2025-00051 allows arbitrary file reads via improper input validation during board duplication.
  • CVE-2025-24490 enables SQL injection through insecure SQL query execution while reordering boards.
  • CVE-2025-25279 permits arbitrary file reads when importing boards due to inadequate validation of board blocks.
  • Patches have been released for the vulnerabilities.
  • No public exploit code or active exploitation has been reported as of this writing.

Full Story: https://censys.com/multiple-critical-vulnerabilities-in-mattermost/