mattermost

575 tracked vulnerabilities.

CVE-2025-8402 MEDIUM
Mattermost 9.11.0-9.11.17, 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.3, 10.10.0 - Denial of Service via Bulk Import Feature
Aug 21, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-6465 MEDIUM
Mattermost 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.3, 10.10.0 - Path Traversal & Arbitrary File Write
Aug 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-8023 MEDIUM
Mattermost 9.11.0-9.11.17, 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.2 - Path Traversal via Template File
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-53971 LOW
Mattermost 9.11.0-9.11.17 and 10.5.0-10.5.8 - Incorrect Authorization via Team Scheme Role Modification API
Aug 21, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-49810 LOW
Mattermost 10.5.0-10.5.8 - Incorrect Authorization in AI Posts Thread Access
Aug 21, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-49222 MEDIUM
Mattermost Server < 9.11.18 - Unrestricted File Upload
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-47870 MEDIUM
Mattermost 9.11.0-9.11.17, 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.2 - Team Invite ID Exposure via Restore Endpoint
Aug 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47700 LOW
Mattermost Server 10.5.0-10.5.9 - Server-Side Request Forgery via Empty Request Body Handling
Aug 21, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-36530 MEDIUM
Mattermost 9.11.0-9.11.17, 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.1 - Authenticated Path Traversal via Plugin Import
Aug 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-8285 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Channel Subscription API
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-54525 HIGH
Mattermost Confluence Plugin <1.5.0 - DoS
Aug 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54478 HIGH
Mattermost Confluence Plugin < 1.5.0 - Unauthenticated Channel Subscription Modification via API
Aug 11, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-54463 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Denial of Service via Invalid Request Body
Aug 11, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54458 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Create Subscription Endpoint
Aug 11, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-53910 MEDIUM
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-53857 LOW
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-53514 MEDIUM
Mattermost Confluence Plugin <1.5.0 - DoS
Aug 11, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-52931 HIGH
Mattermost Confluence Plugin < 1.5.0 - Denial of Service via Invalid Request Body
Aug 11, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49221 LOW
Mattermost Confluence Plugin < 1.5.0 - Unauthenticated Information Disclosure via Subscription API
Aug 11, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-48731 MEDIUM
Mattermost Confluence Plugin <1.5.0 - Info Disclosure
Aug 11, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-44004 HIGH
Mattermost Confluence Plugin < 1.5.0 - Unauthenticated Channel Subscription via API Endpoint
Aug 11, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-44001 MEDIUM
Mattermost Confluence Plugin < 1.5.0 - Missing Authorization via Get Channel Subscriptions API
Aug 11, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-6227 LOW
Mattermost <10.5.7, <9.11.16 - Info Disclosure
Jul 18, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-6233 MEDIUM
Mattermost <10.8.1-10.5.7-9.11.16 - Path Traversal
Jul 18, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-6226 MEDIUM
Mattermost <10.5.7, <10.8.2, <10.7.4, <9.11.17 - Info Disclosure
Jul 18, 2025
CVSS 6.5
EPSS 0.00