Moderate severityNVD Advisory· Published Jan 15, 2025· Updated Feb 12, 2025

Insufficient Input Validation on Post Props

CVE-2025-20088

Description

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/mattermost/mattermost/server/v8Go	>= 10.2.0, < 10.2.1	10.2.1
github.com/mattermost/mattermost/server/v8Go	>= 10.1.0, < 10.1.4	10.1.4
github.com/mattermost/mattermost/server/v8Go	>= 10.0.0, < 10.0.4	10.0.4
github.com/mattermost/mattermost/server/v8Go	>= 9.11.0, < 9.11.6	9.11.6
github.com/mattermost/mattermost/server/v8Go	< 8.0.0-20241127161322-25ff7a3779a5	8.0.0-20241127161322-25ff7a3779a5

Affected products

Mattermost/Mattermostv5
Range: 10.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-45v9-w9fh-33j6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-20088ghsaADVISORY
mattermost.com/security-updatesghsaWEB
pkg.go.dev/vuln/GO-2025-3394ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000