Security Advisory

CVE-2025-6465

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-21 17:01:42

Last updated 2025-08-21 17:30:45

Assigner Mattermost

State PUBLISHED

Description

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.

← Browse all CVEs View on cve.org ↗