mattermost
575 tracked vulnerabilities.
CVE-2025-47871
MEDIUM
Mattermost 9.11.0-9.11.15 10.5.0-10.5.5 10.6.0-10.6.5 10.7.0-10.7.2 10.8.0 - Authenticated Information Disclosure
Jun 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-46702
MEDIUM
Mattermost <10.5.5-10.8.0 - Privilege Escalation
Jun 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-3228
MEDIUM
Mattermost <10.5.5-10.8.0 - Info Disclosure
Jun 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-3227
MEDIUM
Mattermost <10.5.5-10.8.0 - Privilege Escalation
Jun 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-4981
CRITICAL
Mattermost <=10.5.5, <=9.11.15, <=10.8.0, <=10.7.2, <=10.6.5 - Authenticated Arbitrary File Write via Path Traversal
Jun 20, 2025
CVSS 9.9
EPSS 0.02
CVE-2025-4573
MEDIUM
Mattermost 9.11.0-9.11.13 10.5.0-10.5.4 10.6.0-10.6.3 10.7.0-10.7.1 - LDAP Injection via Group ID
Jun 11, 2025
CVSS 4.1
EPSS 0.00
CVE-2025-4128
LOW
Mattermost 9.11.0-9.11.13 and 10.5.0-10.5.4 - Incorrect Authorization via Teams API
Jun 11, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-3611
LOW
Mattermost 9.11.0-9.11.12 10.5.0-10.5.3 10.7.0 - Authenticated Incorrect Authorization via Team API Endpoint
May 30, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-3230
MEDIUM
Mattermost <10.7.0-10.6.2-10.5.3-9.11.12 - Info Disclosure
May 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-2571
MEDIUM
Mattermost <10.7.0-10.5.3-9.11.12 - Auth Bypass
May 30, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-1792
LOW
Mattermost <10.7.0, <10.5.3, <9.11.12 - Info Disclosure
May 30, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-3913
MEDIUM
Mattermost <10.7.0-9.11.12 - Privilege Escalation
May 29, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-2570
LOW
Mattermost 9.11.0-9.11.11 and 10.5.0-10.5.3 - Incorrect Authorization via System Console
May 15, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-2527
MEDIUM
Mattermost 9.11.0-9.11.11 and 10.5.0-10.5.2 - Incorrect Authorization via Group API
May 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-3446
MEDIUM
Mattermost 9.11.0-9.11.11 10.4.0-10.4.4 10.5.0-10.5.2 10.6.0-10.6.1 - Incorrect Authorization via Team Invite API
May 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-31947
MEDIUM
Mattermost <10.6.1-10.5.2-10.4.4-9.11.11 - Privilege Escalation
May 15, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-41423
LOW
Mattermost 9.11.0-9.11.10 10.4.0-10.4.2 10.5.0 - Unauthenticated Post Deletion via Playbooks Signal Keywords Endpoint
Apr 24, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41395
MEDIUM
Mattermost 9.11.0-9.11.10, 10.4.0-10.4.2, 10.5.0 - Denial of Service via RetrospectivePost Custom Post Type
Apr 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-35965
MEDIUM
Mattermost 9.11.0-9.11.10, 10.4.0-10.4.2, 10.5.0 - Denial of Service via UpdateRunTaskActions GraphQL Operation
Apr 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2564
MEDIUM
Mattermost 9.11.0-9.11.9 and 10.5.0-10.5.1 - Authenticated Incorrect Authorization in Archived Channel Access Control
Apr 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-31363
LOW
Mattermost <10.4.2, 10.5.0, 9.11.9 - SSRF
Apr 16, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-27936
MEDIUM
Mattermost Plugin MSTeams <2.1.0 & Mattermost Server 10.5.x <=10.5....
Apr 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27571
MEDIUM
Mattermost 9.11.0-9.11.9, 10.4.0-10.4.3, 10.5.0-10.5.1 - Incorrect Authorization in Archived Channel Metadata
Apr 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-27538
LOW
Mattermost <10.5.1-9.11.9 - Privilege Escalation
Apr 16, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-24839
LOW
Mattermost 9.11.0-9.11.9 and 10.5.0-10.5.1 - Incorrect Authorization via Wrangler Plugin Override
Apr 16, 2025
CVSS 3.1
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 74
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1