CVE-2025-9079
HIGH8.0EPSS 0.06%Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server
Published: 9/19/2025Modified: 3/3/2026
Description
Mattermost Path Traversal vulnerability in github.com/mattermost/mattermost-server
Affected packages (6)
- Go/github.com/mattermost/mattermost-server>= 10.8.0, < 10.8.4
- Go/github.com/mattermost/mattermost-server>= 9.11.0+incompatible, < 9.11.18+incompatible, >= 10.5.0+incompatible, < 10.5.9+incompatible, >= 10.8.0+incompatible, < 10.8.4+incompatible, >= 10.9.0+incompatible, < 10.9.4+incompatible, >= 10.10.0+incompatible, < 10.10.2+incompatible
- Go/github.com/mattermost/mattermost-server/v5from 0
- Go/github.com/mattermost/mattermost-server/v6from 0
- Go/github.com/mattermost/mattermost/server/v8from 0, < 8.0.0-20250707221302-a8fa77f107ef
- Go/github.com/mattermost/mattermost/server/v8from 0, < 8.0.0-20250707221302-a8fa77f107ef
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.0 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
References (11)
- ADVISORYhttps://github.com/advisories/GHSA-qx3f-6vq3-8j8m
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-9079
- PATCHhttps://github.com/mattermost/mattermost
- WEBhttps://github.com/mattermost/mattermost/commit/047a2c64071749367fe02d2162f6103a3d31a883
- WEBhttps://github.com/mattermost/mattermost/commit/439464883aa16a329c23cd6274c4cca7e88e238f
- WEBhttps://github.com/mattermost/mattermost/commit/4ff68eea0a3f3777032d31a1a82f4b1fb492a1ac
- WEBhttps://github.com/mattermost/mattermost/commit/96665b9b98a17534fcd515982a2eb26950581e41
- WEBhttps://github.com/mattermost/mattermost/commit/a8fa77f107efe83f09a779f8e67cbecf236b0032
- WEBhttps://github.com/mattermost/mattermost/commit/b38e2eccda182212a8032539658723c7d87e0b7e
- WEBhttps://mattermost.com/security-updates
- WEBhttps://pkg.go.dev/vuln/GO-2025-3977