Platform
go
Component
github.com/mattermost/mattermost-server
Fixed in
9.11.18 (9.11.18+incompatible as a Go module version)
10.5.9
10.8.4
10.9.4
10.10.2
CVE-2025-9079 is a path traversal vulnerability in Mattermost Server, a widely deployed open-source team messaging platform. According to this advisory it allows an attacker to read files outside the directory the server intended to expose, which can leak sensitive data and serve as a foothold for further compromise. Fixes are available on every supported release branch: 9.11.18, 10.5.9, 10.8.4, 10.9.4 and 10.10.2 (the 9.11 fix appears as 9.11.18+incompatible in Go module terms). Installations on any of those branches running an older release than the fixed one are affected.
The root cause is insufficient validation of user-supplied input that ends up in a filesystem path: sequences such as ".." let an attacker walk out of the directory the server meant to serve and read files elsewhere. A successful exploit could expose configuration files (Mattermost's config.json, for example, holds the database connection string), source code or stored user data. The blast radius is everything readable by the account the Mattermost Server process runs as, and whether that turns into lateral movement depends on what else that account, its host and its network can reach. Path traversal bugs routinely escalate from information disclosure to broader compromise once disclosed credentials are reused.
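The traversal pattern described above, as an added Go example that is not Mattermost's code and not from this page: a hypothetical unsafeJoin shows how unchecked input walks out of the base directory, and safeJoin shows the containment check (percent-decode first, then verify the cleaned path still lies under base) that closes it. The base directory and the inputs are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a user-supplied path resolves outside the base directory.
var ErrTraversal = errors.New("path escapes base directory")

// unsafeJoin is the bug pattern: user input is appended to a base directory with no
// containment check. filepath.Join cleans the result, so "../../etc/passwd" simply
// walks up out of base. (Hypothetical illustration, not Mattermost's code.)
func unsafeJoin(base, userPath string) string {
	return filepath.Join(base, userPath)
}

// safeJoin resolves userPath against base and refuses anything that ends up
// outside base. Percent-decoding happens first, because a filter that only looks
// for a literal ".." is bypassed by "%2e%2e".
func safeJoin(base, userPath string) (string, error) {
	decoded, err := url.PathUnescape(userPath)
	if err != nil {
		return "", err
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(absBase, decoded)
	rel, err := filepath.Rel(absBase, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	// Caveat: this is a lexical check. If base may contain symlinks that point
	// outside it, resolve candidate with filepath.EvalSymlinks and repeat the
	// Rel check on the result before opening the file.
	return candidate, nil
}

func main() {
	const base = "/srv/data" // constructed base directory; need not exist for the check
	// Constructed sample inputs: one legitimate path and three traversal attempts.
	inputs := []string{
		"uploads/report.pdf",
		"../../etc/passwd",
		"..%2F..%2Fetc%2Fpasswd",
		"uploads/../../../../etc/shadow",
	}
	for _, in := range inputs {
		p, err := safeJoin(base, in)
		fmt.Printf("%-34q unsafe=%-24s safe=%q err=%v\n", in, unsafeJoin(base, in), p, err)
	}
}
```

The check compares the cleaned candidate against the base with filepath.Rel rather than a string-prefix test on the joined path, so a base of /srv/data does not accidentally accept /srv/data-old/secret.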
CVE-2025-9079 was publicly disclosed on 2025-09-24 with a severity of HIGH (CVSS score 8). As of this writing there is no public proof-of-concept exploit, the CVE is not listed in the CISA KEV catalog, and no exploitation campaigns have been confirmed. Path traversal bugs are usually simple to exploit once the affected endpoint is known, so the absence of a public PoC should not be read as low risk.
Exploit Status
EPSS: 0.03% (10th percentile)
The primary mitigation is to upgrade Mattermost Server to the fixed release for your branch: 9.11.18, 10.5.9, 10.8.4, 10.9.4 or 10.10.2 (or later). If upgrading is not immediately feasible, place a WAF or reverse-proxy rule in front of the server that rejects requests containing traversal sequences such as ".." in paths or parameters, including their URL-encoded forms (%2e%2e, %2e%2e%2f and double-encoded variants); a filter that only matches the literal ".." is trivially bypassed. Run the server under a dedicated, unprivileged account and tighten permissions on the installation and data directories so that a file-read primitive exposes as little as possible. Monitor access logs for traversal patterns and for responses that serve files from outside the expected upload locations. After upgrading, confirm the running version (the Admin Console's About dialog, or the X-Version-Id response header on any API call) matches the fixed release; probing a single "restricted" file proves little, since this page does not identify which endpoint the vulnerable code served.
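To decide whether a deployment, or a go.mod dependency, is affected, here is an added Go example (not from this page and not Mattermost's code) that encodes the per-branch fixed versions listed above. The go.mod fragment is constructed; branches that this page does not list are reported as unknown rather than guessed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// fixedVersions is the per-branch fixed release list as given on this page.
// Keys are "major.minor" branches; values are the first patched patch level.
var fixedVersions = map[string]int{
	"9.11":  18,
	"10.5":  9,
	"10.8":  4,
	"10.9":  4,
	"10.10": 2,
}

type Status string

const (
	Affected Status = "affected"
	Fixed    Status = "fixed"
	Unknown  Status = "branch not covered by this advisory's fixed-version list"
)

// parseVersion accepts forms such as "9.11.17", "v9.11.18+incompatible" or
// "10.5.9-rc1" and returns the numeric major, minor and patch components.
func parseVersion(v string) (major, minor, patch int, err error) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "+-"); i >= 0 { // drop build metadata / pre-release suffix
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return 0, 0, 0, fmt.Errorf("unexpected version %q", v)
	}
	nums := make([]int, 3)
	for i, p := range parts {
		if nums[i], err = strconv.Atoi(p); err != nil {
			return 0, 0, 0, fmt.Errorf("bad component in %q: %w", v, err)
		}
	}
	return nums[0], nums[1], nums[2], nil
}

// CheckVersion compares a running or declared Mattermost Server version with the
// fixed release on its own branch. Only branches listed on this page are decided;
// anything else is reported as Unknown rather than guessed.
func CheckVersion(v string) (Status, error) {
	major, minor, patch, err := parseVersion(v)
	if err != nil {
		return "", err
	}
	fixedPatch, ok := fixedVersions[fmt.Sprintf("%d.%d", major, minor)]
	if !ok {
		return Unknown, nil
	}
	if patch < fixedPatch {
		return Affected, nil
	}
	return Fixed, nil
}

// VersionFromGoMod extracts the required version of the mattermost-server module
// from go.mod text, tolerating a /vN path suffix and a trailing "// indirect".
func VersionFromGoMod(gomod string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require ")
		fields := strings.Fields(line)
		if len(fields) >= 2 && strings.HasPrefix(fields[0], "github.com/mattermost/mattermost-server") {
			return fields[1], true
		}
	}
	return "", false
}

// sampleGoMod is a constructed go.mod fragment used only for demonstration.
const sampleGoMod = `module example.com/bot

go 1.22

require (
	github.com/mattermost/mattermost-server v9.11.17+incompatible
	github.com/spf13/cobra v1.8.0
)
`

func main() {
	if v, ok := VersionFromGoMod(sampleGoMod); ok {
		s, err := CheckVersion(v)
		fmt.Printf("go.mod declares %s: %s (err=%v)\n", v, s, err)
	}
	for _, v := range []string{"10.5.8", "10.5.9", "10.10.1", "10.7.2"} {
		s, _ := CheckVersion(v)
		fmt.Printf("%-8s %s\n", v, s)
	}
}
```

Feed CheckVersion the value shown in the Admin Console or in the X-Version-Id header, or point VersionFromGoMod at a real go.mod; a result of Unknown means the branch is not in this page's list and the vendor advisory must be consulted directly.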
Update Mattermost to a version not affected by this vulnerability. See the Mattermost security advisory for more details and the patched versions.
CVE-2025-9079 is a path traversal vulnerability in Mattermost Server that allows attackers to read arbitrary files on the server. It affects releases older than 9.11.18, 10.5.9, 10.8.4, 10.9.4 and 10.10.2 on their respective branches.
If you run Mattermost Server on a release older than the fixed version for your branch (9.11.18, 10.5.9, 10.8.4, 10.9.4 or 10.10.2), you are affected.
Upgrade to the fixed release for your branch. WAF rules that block traversal sequences, including their URL-encoded forms, are a temporary workaround only.
No active exploitation has been confirmed as of this writing, but path traversal flaws are usually easy to exploit once the affected endpoint is known.
Refer to the official Mattermost security advisory for detailed information and updates regarding CVE-2025-9079.