CVE-2025-20086

Summary

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost10.2.0affected
MattermostMattermost9.11.0 <= 9.11.5affected
MattermostMattermost10.0.0 <= 10.0.3affected
MattermostMattermost10.1.0 <= 10.1.3affected
MattermostMattermost10.3.0unaffected
MattermostMattermost10.2.1unaffected
MattermostMattermost9.11.6unaffected
MattermostMattermost10.0.4unaffected
MattermostMattermost10.1.4unaffected

Weaknesses

  • CWE-1287: CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References