4 matches found

Veracode
added 2026/03/31 10:44 a.m., 2 views

Improper Access Control

github.com/mattermost/mattermost is vulnerable to improper access control. The vulnerability is due to insufficient validation of user permissions when accessing files and subscribing to board blocks, which allows an authenticated attacker to access files and subscribe to blocks from boards they...

CVSS 4.3 | AI score 7.1 | EPSS 0.00029
Exploits: 0 | References: 2 | Affected Software: 2
RedhatCVE
added 2025/12/12 10:14 a.m., 2 views

CVE-2025-13870

Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does...

CVSS 4.3 | AI score 6.7 | EPSS 0.00029
Exploits: 0 | References: 1
Veracode
added 2025/03/04 5:52 a.m., 6 views

Arbitrary File Read

github.com/mattermost/mattermost-server is vulnerable to Arbitrary File Read. The vulnerability is due to improper validation of board blocks when importing boards, which allows an attacker to perform a path traversal attack by importing and exporting a specially crafted import archive in Boards...

CVSS 9.9 | AI score 6.6 | EPSS 0.55183
Exploits: 1 | References: 4 | Affected Software: 2
RedhatCVE
added 2025/02/26 8:21 a.m., 6 views

CVE-2025-25279

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards...

CVSS 9.9 | AI score 9.3 | EPSS 0.55183
Exploits: 1 | References: 1