Mattermost — Vulnerabilities & Security Advisories (382)

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2025-4981 | Path Traversal Leading to RCE by Any Authenticated Mattermost User — Mattermost | CWE-427 | 9.9 | Critical | 2025-06-20
CVE-2025-4128 | Mattermost Guest User Information Disclosure Vulnerability — Mattermost | CWE-863 | 3.1 | Low | 2025-06-11
CVE-2025-4573 | LDAP Injection in Mattermost Enterprise Edition When Using Active Directory — Mattermost | CWE-90 | 4.1 | Medium | 2025-06-11
CVE-2025-3611 | Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions — Mattermost | CWE-863 | 3.1 | Low | 2025-05-30
CVE-2025-3230 | Bypass of System Admin User Deactivation Controls for Personal Access Tokens in Mattermost Server — Mattermost | CWE-303 | 5.4 | Medium | 2025-05-30
CVE-2025-2571 | Google OAuth Authentication Bypass for Converted Bot Accounts — Mattermost | CWE-303 | 4.2 | Medium | 2025-05-30
CVE-2025-1792 | Improper Access Control in Mattermost Channel Member API — Mattermost | CWE-863 | 3.1 | Low | 2025-05-30
CVE-2025-3913 | Team Privacy Settings Authorization Bypass in Mattermost Server — Mattermost | CWE-863 | 5.3 | Medium | 2025-05-29
CVE-2025-2570 | System Admin Cannot Access Environment settings in System Console While System Manager Can — Mattermost | CWE-863 | 2.7 | Low | 2025-05-15
CVE-2025-2527 | Improper access control to group information — Mattermost | CWE-863 | 4.3 | Medium | 2025-05-15
CVE-2025-3446 | Members Without Guest Invite Permissions Can Add Guests to Teams — Mattermost | CWE-863 | 4.3 | Medium | 2025-05-15
CVE-2025-31947 | Repeated LDAP login failures can lock an LDAP account — Mattermost | CWE-645 | 5.8 | Medium | 2025-05-15
CVE-2025-41423 | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin — Mattermost | CWE-863 | 3.1 | Low | 2025-04-24
CVE-2025-35965 | DoS in Mattermost Playbooks via Excessive Task Actions — Mattermost | CWE-770 | 6.5 | Medium | 2025-04-24
CVE-2025-41395 | Webapp DoS via malicious retrospective post in Playbooks — Mattermost | CWE-1287 | 6.5 | Medium | 2025-04-24
CVE-2025-2564 | Unauthorized View Access to Archived Channel Member Info — Mattermost | CWE-863 | 4.3 | Medium | 2025-04-16
CVE-2025-27936 | Webhook Secret Exposure via Timing attack in MSteams plugin — Mattermost | CWE-208 | 5.3 | Medium | 2025-04-16
CVE-2025-31363 | Data exfiltration via AI plugin Jira tool — Mattermost | CWE-1426 | 3.0 | Low | 2025-04-16
CVE-2025-27571 | Channel metadata visible in archived channels despite configuration setting — Mattermost | CWE-863 | 4.3 | Medium | 2025-04-16
CVE-2025-27538 | MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users — Mattermost | CWE-306 | 2.2 | Low | 2025-04-16
CVE-2025-24839 | Unauthorized AI bot activation via Wrangler plugin — Mattermost | CWE-863 | 3.1 | Low | 2025-04-16
CVE-2025-2475 | Unauthorized Bot Login Using Credentials — Mattermost | CWE-303 | 5.4 | Medium | 2025-04-14
CVE-2025-2424 | Leaked Metadata of Deleted Files via Bookmark Creation — Mattermost | CWE-863 | 3.1 | Low | 2025-04-14
CVE-2025-32093 | System admin profile modification by delegated granular administration role — Mattermost | CWE-863 | 4.7 | Medium | 2025-04-14
CVE-2025-30516 | Unauthorized Notification Exposure in Mobile App Under Specific Conditions — Mattermost | CWE-613 | 2.0 | Low | 2025-04-14
CVE-2025-24866 | Unauthorized Access to User Activity Logs API by delegated granular administration roles — Mattermost | CWE-863 | 2.7 | Low | 2025-04-10
CVE-2025-1558 | Denial of Service Via Malicious GIF — Mattermost | CWE-1287 | 6.5 | Medium | 2025-03-24
CVE-2025-25068 | Bypassing MFA Enforcement on Plugin Endpoints — Mattermost | CWE-306 | 7.5 | High | 2025-03-21
CVE-2025-24920 | Unauthorized Bookmark Creation and Modification in Archived Channels — Mattermost | CWE-863 | 4.3 | Medium | 2025-03-21
CVE-2025-30179 | MFA Enforcement Bypass in Search APIs — Mattermost | CWE-863 | 4.3 | Medium | 2025-03-21

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.