Platform
go
Component
github.com/mattermost/mattermost-server
Fixed in
10.8.4
10.5.9
9.11.18
10.10.2
10.9.4
9.11.18+incompatible
CVE-2025-9079 is a Path Traversal vulnerability discovered in Mattermost Server, a popular open-source communication platform. This vulnerability allows attackers to potentially read arbitrary files on the server, leading to data exposure and potential system compromise. The vulnerability impacts versions of Mattermost Server prior to 9.11.18+incompatible, and a patch has been released to address the issue.
The core of this vulnerability lies in the improper handling of user-supplied input, which allows an attacker to manipulate file paths and access files outside the intended directory. A successful exploit could enable an attacker to read configuration files, source code, or even sensitive user data stored on the server. The blast radius extends to any data readable by the Mattermost Server process, and the potential for lateral movement depends on the server's overall security posture and access controls. No directly comparable prior incident is cited here, but path traversal vulnerabilities often lead to information disclosure and privilege escalation.
CVE-2025-9079 was publicly disclosed on 2025-09-24. The vulnerability's severity is considered HIGH (CVSS:8). As of this writing, there are no publicly available Proof-of-Concept (PoC) exploits. It is not currently listed on the CISA KEV catalog. Active exploitation campaigns are not confirmed, but the ease of exploitation inherent in path traversal vulnerabilities suggests a potential for future attacks.
Organizations utilizing Mattermost Server for internal communication, particularly those running older, unpatched versions, are at risk. Shared hosting environments where Mattermost is installed alongside other applications are also vulnerable, as a compromise of Mattermost could potentially impact other hosted services. Teams relying on Mattermost for sensitive data storage should prioritize patching.
• linux / server:
journalctl -u mattermost -g 'path traversal'
• generic web:
curl -I 'http://mattermost.example.com/../../../../etc/passwd' # Check for 200 OK response
Exploit status
EPSS
0.03% (percentile 10%)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade Mattermost Server to version 9.11.18+incompatible or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with rules to filter out malicious path traversal attempts. Specifically, look for patterns involving .. sequences in file paths. Review and restrict file permissions on the Mattermost Server installation directory to limit the potential damage from a successful exploit. Monitor Mattermost server logs for unusual file access attempts. After upgrade, confirm by attempting to access a known restricted file via a web request and verifying that access is denied.
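As an added defensive example (not Mattermost's own code and not the fix shipped in the patched versions), the following Go program shows the two checks the mitigation above calls for: confining a user-supplied path to a base directory, and flagging request paths that carry a `..` segment even when it is percent-encoded, which a plain `..` string match would miss. The base directory and sample paths are constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a resolved path leaves the base directory.
var ErrTraversal = errors.New("path escapes base directory")
// normalize percent-decodes twice (so double-encoded %252e%252e is caught too)
// and folds backslashes so every check below sees the same form.
func normalize(p string) string {
	for i := 0; i < 2; i++ {
		if d, err := url.PathUnescape(p); err == nil {
			p = d
		}
	}
	return strings.ReplaceAll(p, "\\", "/")
}
// SafeJoin resolves userPath under baseDir and rejects any result outside it.
// Caveat: symlinks are not resolved; apply filepath.EvalSymlinks before opening.
func SafeJoin(baseDir, userPath string) (string, error) {
	base := filepath.Clean(baseDir)
	joined := filepath.Join(base, normalize(userPath))
	rel, err := filepath.Rel(base, joined)
	if err != nil || rel == ".." || strings.HasPrefix(rel, "../") {
		return "", ErrTraversal
	}
	return joined, nil
}
// HasTraversalSegment reports whether a request path carries a literal or
// encoded ".." segment, the pattern a WAF rule or log scan should flag.
func HasTraversalSegment(rawPath string) bool {
	for _, seg := range strings.Split(normalize(rawPath), "/") {
		if seg == ".." {
			return true
		}
	}
	return false
}
func main() {
	base := "/var/mattermost/data" // constructed sample value, not real data
	for _, p := range []string{"files/report.txt", "../../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"} {
		out, err := SafeJoin(base, p)
		fmt.Printf("%-26s flagged=%-5v path=%q err=%v\n", p, HasTraversalSegment(p), out, err)
	}
}
```

The segment-based match avoids false positives on file names that merely contain two dots, while still catching encoded and double-encoded forms.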
Upgrade Mattermost to a version that is not affected by this vulnerability. Consult the Mattermost security advisory for further details and the fixed versions.
CVE-2025-9079 is a Path Traversal vulnerability affecting Mattermost Server versions before 9.11.18+incompatible, allowing attackers to read arbitrary files on the server.
If you are running Mattermost Server versions prior to 9.11.18+incompatible, you are potentially affected by this vulnerability.
Upgrade Mattermost Server to version 9.11.18+incompatible or later to mitigate the vulnerability. Consider WAF rules as a temporary workaround.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests a potential for future attacks.
Refer to the official Mattermost security advisory for detailed information and updates regarding CVE-2025-9079.