CRITICAL | CVE-2025-25279 | CVSS 9.9

CVE-2025-25279: Arbitrary File Access in Mattermost Server

Platform: go

Component: github.com/mattermost/mattermost-server

Fixed in: 10.4.2, 9.11.8, 10.3.3, 10.2.3, 8.0.0-20250122165010-4ed702ccff4e, 9.11.8+incompatible

AI Confidence: high | Source: NVD | EPSS 29.3% | Reviewed: May 2026

CVE-2025-25279 describes an Arbitrary File Access vulnerability discovered in Mattermost Server. This flaw allows attackers to read arbitrary files during board imports, potentially leading to data exposure and system compromise. The vulnerability impacts versions of Mattermost Server before 9.11.8+incompatible, and a patch has been released to address the issue.


Impact and Attack Scenarios

The Arbitrary File Access vulnerability in Mattermost Server allows an attacker to read files that they should not have access to. This can occur during the board import process. An attacker could leverage this to read configuration files, source code, or other sensitive data stored on the server's file system. The potential impact includes data breaches, intellectual property theft, and potential escalation of privileges if sensitive credentials are exposed. The severity is critical due to the ease of exploitation and the potential for widespread data compromise, particularly in environments where sensitive information is stored on the Mattermost server.

Exploitation Context

CVE-2025-25279 was publicly disclosed on March 3, 2025. Currently, there are no known public Proof-of-Concept (PoC) exploits available. The vulnerability is not listed on the CISA KEV catalog as of this writing. Given the critical severity and the potential for widespread impact, it is recommended to prioritize patching.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

29.29% (97th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (base score 9.9, CRITICAL; source: nextguardhq.com)

What do these metrics mean?
Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required: Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope: Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity: High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability: High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: github.com/mattermost/mattermost-server
Vendor (data source): osv

Affected range  |  Fixed in
10.4.0 – 10.4.1  |  10.4.2
9.11.0 – 9.11.7  |  9.11.8
10.3.0 – 10.3.2  |  10.3.3
10.2.0 – 10.2.2  |  10.2.3
(range not given)  |  8.0.0-20250122165010-4ed702ccff4e
9.11.0-rc1+incompatible  |  9.11.8+incompatible
10.2.0-rc1+incompatible  |  9.11.8+incompatible
10.3.0-rc1+incompatible  |  9.11.8+incompatible
10.4.0-rc1+incompatible  |  9.11.8+incompatible


Mitigation and Workarounds

The primary mitigation for CVE-2025-25279 is to upgrade Mattermost Server to version 9.11.8+incompatible or later. Before upgrading, it is crucial to review Mattermost's upgrade documentation to ensure compatibility with your existing infrastructure and to avoid potential breaking changes. As a temporary workaround, restrict access to the board import functionality to trusted users only. Monitor Mattermost server logs for any unusual file access attempts. Consider implementing a Web Application Firewall (WAF) with rules to block suspicious file access requests related to board imports.

How to fix

Update Mattermost to the fixed release of the series you run: 10.4.2, 10.3.3, 10.2.3 or 9.11.8 (or any later version in that series). The fix corrects the arbitrary file read by properly validating board blocks during import.
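An added example (not code from the advisory or from Mattermost) that classifies a mattermost-server module version string, as it appears in a go.mod require line, against the fixed versions in the table above. The fixed patch levels and the fix commit timestamp are copied from that table; treating a pre-release (-rc) of the fixed patch as still affected, and reporting series the table does not list as "unlisted", are this example's own conservative assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// First fixed patch per affected minor series, from this advisory's table.
var fixedPatch = map[[2]int]int{{9, 11}: 8, {10, 2}: 3, {10, 3}: 3, {10, 4}: 2}

const fixCommitTime = "20250122165010" // from 8.0.0-20250122165010-4ed702ccff4e

// parseVersion turns "v10.4.1+incompatible" or "v10.4.2-rc1" into numbers;
// a "-" suffix marks a pre-release, which sorts below the patch it names (assumption).
func parseVersion(v string) (n [3]int, pre, ok bool) {
	v = strings.TrimSuffix(strings.TrimPrefix(v, "v"), "+incompatible")
	if i := strings.IndexByte(v, '-'); i >= 0 {
		pre, v = true, v[:i]
	}
	_, err := fmt.Sscanf(v, "%d.%d.%d", &n[0], &n[1], &n[2])
	return n, pre, err == nil
}

// Status classifies a mattermost-server module version against the advisory table.
func Status(v string) string {
	// Bare pseudo-versions (vX.Y.Z-yyyymmddhhmmss-hash, the form used in the table) embed the commit time.
	if p := strings.Split(v, "-"); len(p) == 3 && len(p[1]) == 14 {
		if p[1] >= fixCommitTime {
			return "fixed"
		}
		return "affected"
	}
	n, pre, ok := parseVersion(v)
	if !ok {
		return "unparseable"
	}
	fixed, listed := fixedPatch[[2]int{n[0], n[1]}]
	switch {
	case !listed && (n[0] < 9 || n[0] == 9 && n[1] < 11):
		return "affected" // older than the oldest fixed series, 9.11.8
	case !listed:
		return "unlisted" // series not in the table; check the vendor advisory
	case n[2] < fixed || n[2] == fixed && pre:
		return "affected"
	}
	return "fixed"
}
```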


Frequently asked questions

What is CVE-2025-25279 — Arbitrary File Access in Mattermost Server?

CVE-2025-25279 is a critical vulnerability in Mattermost Server allowing attackers to read arbitrary files during board imports, potentially exposing sensitive data.

Am I affected by CVE-2025-25279 in Mattermost Server?

You are affected if you are running Mattermost Server versions prior to 9.11.8+incompatible. Check your version and upgrade immediately.

How do I fix CVE-2025-25279 in Mattermost Server?

Upgrade Mattermost Server to version 9.11.8+incompatible or later. Review Mattermost's upgrade documentation before applying the update.

Is CVE-2025-25279 being actively exploited?

As of now, there are no confirmed reports of active exploitation, but the critical severity warrants immediate attention and patching.

Where can I find the official Mattermost advisory for CVE-2025-25279?

Refer to the official Mattermost security advisory for detailed information and updates: [https://mattermost.com/security/advisories/](https://mattermost.com/security/advisories/)
