
Mattermost — Vulnerabilities & Security Advisories (352)

All 352 CVE vulnerabilities found in Mattermost, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mattermost

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-27936 | Webhook Secret Exposure via Timing attack in MSteams plugin | CWE-208 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-31363 | Data exfiltration via AI plugin Jira tool | CWE-1426 | 3.0 | Low | 2025-04-16 |
| CVE-2025-27571 | Channel metadata visible in archived channels despite configuration setting | CWE-863 | 4.3 | Medium | 2025-04-16 |
| CVE-2025-27538 | MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users | CWE-306 | 2.2 | Low | 2025-04-16 |
| CVE-2025-24839 | Unauthorized AI bot activation via Wrangler plugin | CWE-863 | 3.1 | Low | 2025-04-16 |
| CVE-2025-2475 | Unauthorized Bot Login Using Credentials | CWE-303 | 5.4 | Medium | 2025-04-14 |
| CVE-2025-2424 | Leaked Metadata of Deleted Files via Bookmark Creation | CWE-863 | 3.1 | Low | 2025-04-14 |
| CVE-2025-32093 | System admin profile modification by delegated granular administration role | CWE-863 | 4.7 | Medium | 2025-04-14 |
| CVE-2025-30516 | Unauthorized Notification Exposure in Mobile App Under Specific Conditions | CWE-613 | 2.0 | Low | 2025-04-14 |
| CVE-2025-24866 | Unauthorized Access to User Activity Logs API by delegated granular administration roles | CWE-863 | 2.7 | Low | 2025-04-10 |
| CVE-2025-1558 | Denial of Service Via Malicious GIF | CWE-1287 | 6.5 | Medium | 2025-03-24 |
| CVE-2025-25068 | Bypassing MFA Enforcement on Plugin Endpoints | CWE-306 | 7.5 | High | 2025-03-21 |
| CVE-2025-24920 | Unauthorized Bookmark Creation and Modification in Archived Channels | CWE-863 | 4.3 | Medium | 2025-03-21 |
| CVE-2025-30179 | MFA Enforcement Bypass in Search APIs | CWE-863 | 4.3 | Medium | 2025-03-21 |
| CVE-2025-25274 | Unauthorized Command Execution in Archived Channels | CWE-863 | 4.3 | Medium | 2025-03-21 |
| CVE-2025-27933 | Unauthorized Private-to-Public Channel Conversion | CWE-863 | 5.4 | Medium | 2025-03-21 |
| CVE-2025-27715 | Auto-Enrollment of Team Admins into Private Channels without explicit consent | CWE-863 | 3.3 | Low | 2025-03-21 |
| CVE-2025-1472 | Unauthorized View Access to Site Statistics and Team Statistics | CWE-863 | 4.3 | Medium | 2025-03-19 |
| CVE-2025-1398 | macOS TCC Bypass via Code Injection | CWE-426 | 3.3 | Low | 2025-03-17 |
| CVE-2025-20051 | Arbitrary file read via block duplication in Mattermost Boards | CWE-22 | 9.9 | Critical | 2025-02-24 |
| CVE-2025-24490 | SQL Injection in Mattermost Boards via board category ID reordering | CWE-89 | 9.6 | Critical | 2025-02-24 |
| CVE-2025-25279 | Arbitrary file read in Mattermost Boards via import & export board archive | CWE-22 | 9.9 | Critical | 2025-02-24 |
| CVE-2025-1412 | Session Persistence After User-to-Bot Conversion | CWE-384 | 3.1 | Low | 2025-02-24 |
| CVE-2025-24526 | Channel export permitted on archived channel when viewing archived channels is disabled | CWE-863 | 4.3 | Medium | 2025-02-24 |
| CVE-2025-0503 | Leaked User IDs and Metadata of Deleted DMs | CWE-754 | 3.1 | Low | 2025-02-14 |
| CVE-2025-20630 | Mobile crash via object that can't be cast to String in Attachment Field | CWE-1287 | 6.5 | Medium | 2025-01-16 |
| CVE-2025-20621 | Webapp crash via object that can't be cast to String in Attachment Field | CWE-1287 | 6.5 | Medium | 2025-01-16 |
| CVE-2025-20072 | Mobile crash via improper validation of proto style in attachments | CWE-704 | 6.5 | Medium | 2025-01-16 |
| CVE-2025-0476 | Mobile crash via file with specially crafted filename | CWE-1287 | 4.3 | Medium | 2025-01-15 |
| CVE-2025-20088 | Insufficient Input Validation on Post Props | CWE-1287 | 6.5 | Medium | 2025-01-15 |
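The first row of the table, CVE-2025-27936, is classified CWE-208 (observable timing discrepancy). The page gives no detail of the affected plugin code path, so the following is an added, generic illustration in Go (Mattermost's implementation language) of what that weakness class looks like when a webhook secret is checked, and how it is conventionally fixed with constant-time comparison. It is not code from Mattermost or the MS Teams plugin; the function names, the secret, the guesses and the request body are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Illustrative only: not code from Mattermost or the MS Teams plugin.

// insecureSecretMatch compares a presented webhook secret byte by byte and
// returns at the first mismatch. The number of bytes examined before it
// returns depends on how long the correct prefix of the guess is, which is
// exactly what CWE-208 describes: a caller who can time responses can
// recover the secret one byte at a time. The step counter is returned only
// so the leak can be observed without a timer.
func insecureSecretMatch(expected, presented string) (bool, int) {
	if len(expected) != len(presented) {
		return false, 0
	}
	steps := 0
	for i := 0; i < len(expected); i++ {
		steps++
		if expected[i] != presented[i] {
			return false, steps
		}
	}
	return true, steps
}

// constantTimeSecretMatch hashes both values to a fixed length first, so a
// length mismatch cannot short-circuit, then compares with crypto/subtle,
// whose running time does not depend on which bytes differ.
func constantTimeSecretMatch(expected, presented string) bool {
	e := sha256.Sum256([]byte(expected))
	p := sha256.Sum256([]byte(presented))
	return subtle.ConstantTimeCompare(e[:], p[:]) == 1
}

// verifyHMACSignature applies the same rule to a signed webhook body: the
// receiver recomputes HMAC-SHA256 over the body with the shared secret and
// compares it to the sender's signature with hmac.Equal (constant time).
func verifyHMACSignature(secret, body, sentSig []byte) bool {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(mac.Sum(nil), sentSig)
}

func main() {
	const secret = "s3cr3t-webhook-token" // constructed example secret
	// A guess sharing a longer correct prefix costs more comparison steps,
	// which is the signal a timing attacker measures.
	_, a := insecureSecretMatch(secret, "xxxxxxxxxxxxxxxxxxxx")
	_, b := insecureSecretMatch(secret, "s3cr3txxxxxxxxxxxxxx")
	fmt.Println("steps with wrong first byte:", a)
	fmt.Println("steps with six correct bytes:", b)
	fmt.Println("constant-time match on correct secret:", constantTimeSecretMatch(secret, secret))

	body := []byte(`{"event":"ping"}`) // constructed webhook body
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	fmt.Println("HMAC signature verifies:", verifyHMACSignature([]byte(secret), body, mac.Sum(nil)))
}
```

The step counts in the insecure variant are the practical point: the work done before rejecting a guess grows with the length of the correct prefix, and over a network that difference is measurable with enough samples. Neither constant-time function exposes that signal, and the HMAC form is the preferable design for webhooks because it authenticates the body as well as the caller.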
