CVE-2025-2424

Mattermost vulnerability CVE-2025-2424 affects Mattermost releases 10.5.x ≤ 10.5.1 and 9.11.x ≤ 9.11.9. The root cause is a failure to verify whether a file has been deleted when creating a bookmark, which can let an attacker who knows deleted file IDs obtain metadata of those files via bookmark ...

Mattermost Server 10.4.x < 10.4.3 / 10.3.x < 10.3.4 /9.11.x < 9.11.9 / 10.5.x < 10.5.1 (MMSA-2025-00432)

The version of Mattermost Server installed on the remote host is prior to 10.4.4 / 10.3.4 / 9.11.9 / 10.5.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00432 advisory. - Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8, 10.5.x = 10.5.0 fail t...