Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Mattermost:MattermostMattermost Confluence PluginMattermost DesktopMattermost BoardsMattermost PlaybooksMattermost App FrameworkFocalboardPlaybooks PluginMattermost Github PluginMattermost iOS appMattermost PluginsMattermost Mobile
CVE IDTitleCVSSSeverityPublished
CVE-2025-25274 Unauthorized Command Execution in Archived Channels — MattermostCWE-863 4.3 Medium2025-03-21
CVE-2025-27933 Unauthorized Private-to-Public Channel Conversion — MattermostCWE-863 5.4 Medium2025-03-21
CVE-2025-27715 Auto-Enrollment of Team Admins into Private Channels without explicit consent — MattermostCWE-863 3.3 Low2025-03-21
CVE-2025-1472 Unauthorized View Access to Site Statistics and Team Statistics — MattermostCWE-863 4.3 Medium2025-03-19
CVE-2025-1398 macOS TCC Bypass via Code Injection — MattermostCWE-426 3.3 Low2025-03-17
CVE-2025-20051 Arbitrary file read via block duplication in Mattermost Boards — MattermostCWE-22 9.9 Critical2025-02-24
CVE-2025-24490 SQL Injection in Mattermost Boards via board category ID reordering — MattermostCWE-89 9.6 Critical2025-02-24
CVE-2025-25279 Arbitrary file read in Mattermost Boards via import & export board archive — MattermostCWE-22 9.9 Critical2025-02-24
CVE-2025-1412 Session Persistence After User-to-Bot Conversion — MattermostCWE-384 3.1 Low2025-02-24
CVE-2025-24526 Channel export permitted on archived channel when viewing archived channels is disabled — MattermostCWE-863 4.3 Medium2025-02-24
CVE-2025-0503 Leaked User IDs and Metadata of Deleted DMs — MattermostCWE-754 3.1 Low2025-02-14
CVE-2025-20630 Mobile crash via object that can't be cast to String in Attachment Field — MattermostCWE-1287 6.5 Medium2025-01-16
CVE-2025-20621 Webapp crash via object that can't be cast to String in Attachment Field — MattermostCWE-1287 6.5 Medium2025-01-16
CVE-2025-20072 Mobile crash via improper validation of proto style in attachments — MattermostCWE-704 6.5 Medium2025-01-16
CVE-2025-0476 Mobile crash via file with specially crafted filename — MattermostCWE-1287 4.3 Medium2025-01-15
CVE-2025-20088 Insufficient Input Validation on Post Props — MattermostCWE-1287 6.5 Medium2025-01-15
CVE-2025-20086 Insufficient Input Validation on Post Props — MattermostCWE-1287 6.5 Medium2025-01-15
CVE-2025-20036 Insufficient Input Validation on Post Props — MattermostCWE-1287 6.5 Medium2025-01-15
CVE-2025-21083 Insufficient Input Validation on Post Props — MattermostCWE-1287 6.5 Medium2025-01-15
CVE-2025-21088 WebApp crash via improper validation of proto style in attachments — MattermostCWE-704 6.5 Medium2025-01-15
CVE-2025-22445 Misleading UI for undefined admin console settings in Calls causes security confusion — MattermostCWE-754 3.5 Low2025-01-09
CVE-2025-20033 DoS via custom post type for sysconsole plugin readers — MattermostCWE-1287 4.3 Medium2025-01-09
CVE-2025-22449 Access control flaw for team admins allows unauthorized team additions — MattermostCWE-863 3.8 Low2025-01-09
CVE-2024-11358 Insecure Android File Provider Paths — MattermostCWE-284 5.7 Medium2024-12-16
CVE-2024-54682 Zipbomb DoS via Missing Slack Import Validation — MattermostCWE-409 6.5 Medium2024-12-16
CVE-2024-54083 DoS via lack of type validation in Calls — MattermostCWE-1287 6.5 Medium2024-12-16
CVE-2024-48872 Bypass of "Max failed attempts" restriction via race condition — MattermostCWE-362 4.8 Medium2024-12-16
CVE-2024-12247 Improper propagation of permission scheme updates across cluster nodes — MattermostCWE-863 4.6 Medium2024-12-05
CVE-2024-11599 Domain Restriction Bypass on Registration — MattermostCWE-754 8.2 High2024-11-28
CVE-2024-52032 Private channel names leaking when Elasticsearch is enabled — MattermostCWE-200 4.3 Medium2024-11-09

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.