Metrics
Affected Vendors & Products
Solution
Update Mattermost to versions 10.3.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.
Workaround
No workaround given by the vendor.
Thu, 02 Oct 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost mattermost Server
|
|
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost mattermost Server
|
Sat, 11 Jan 2025 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 09 Jan 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 09 Jan 2025 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | |
Title | DoS via custom post type for sysconsole plugin readers | |
Weaknesses | CWE-1287 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-01-09T15:05:20.599Z
Reserved: 2025-01-08T11:07:12.589Z
Link: CVE-2025-20033

Updated: 2025-01-09T15:05:14.797Z

Status : Analyzed
Published: 2025-01-09T07:15:28.450
Modified: 2025-10-02T17:26:14.850
Link: CVE-2025-20033


Updated: 2025-07-13T11:07:21Z