CVE-2025-25274
Published: 21 March 2025
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2025-25274, published on 2025-03-21, affects Mattermost versions 10.4.x up to and including 10.4.2, 10.3.x up to 10.3.3, and 9.11.x up to 9.11.8. The vulnerability stems from a failure to restrict command execution in archived channels, mapped to CWE-863 (Incorrect Authorization) and CWE-77 (Command Injection). It carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N), indicating moderate severity with network accessibility, low attack complexity, and low privileges required.
Authenticated users can exploit this issue remotely without user interaction, bypassing restrictions intended for archived channels. Exploitation enables running unauthorized commands in those channels, leading to low-impact integrity violations such as unintended modifications or executions not permitted in an archived state.
Mattermost advisories provide further details on patches and mitigations at https://mattermost.com/security-updates.
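To turn the affected-version ranges above into a repeatable inventory check, here is an added Python example (not code from Mattermost or the advisory). It assumes versions are plain x.y.z strings and reads "up to" as inclusive for all three branches; branches the advisory does not list are reported as not affected and should be confirmed against the vendor page.

```python
from typing import NamedTuple


class Version(NamedTuple):
    major: int
    minor: int
    patch: int

    @classmethod
    def parse(cls, text: str) -> "Version":
        # Accept "10.4.2" or "v10.4.2"; reject anything that is not three integers.
        parts = text.strip().lstrip("v").split(".")
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            raise ValueError(f"not an x.y.z version string: {text!r}")
        return cls(*(int(p) for p in parts))


# Affected branches as stated in the CVE summary, keyed by (major, minor) with the
# last affected patch level. Assumption: "up to" is inclusive for every branch.
AFFECTED_BRANCHES = {
    (10, 4): 2,   # 10.4.x up to and including 10.4.2
    (10, 3): 3,   # 10.3.x up to 10.3.3
    (9, 11): 8,   # 9.11.x up to 9.11.8
}


def is_affected(version_text: str) -> bool:
    """True when the version falls inside an affected range for CVE-2025-25274."""
    v = Version.parse(version_text)
    last_affected = AFFECTED_BRANCHES.get((v.major, v.minor))
    return last_affected is not None and v.patch <= last_affected


def triage(inventory: dict) -> list:
    """Return the hostnames from a {host: version} inventory that still need patching."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY = {
    "chat-prod-1": "10.4.1",
    "chat-prod-2": "10.4.3",
    "chat-legacy": "v9.11.2",
    "chat-lts": "10.3.4",
}

if __name__ == "__main__":
    print("needs patching:", triage(SAMPLE_INVENTORY))
```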
Details
- CWE(s): CWE-863 (Incorrect Authorization), CWE-77 (Command Injection)
Affected Products
- Mattermost 10.4.x up to and including 10.4.2, 10.3.x up to 10.3.3, and 9.11.x up to 9.11.8
MITRE ATT&CK Enterprise Techniques
- T1059 (Command and Scripting Interpreter), T1190 (Exploit Public-Facing Application)
Why these techniques?
The vulnerability enables unauthorized command execution through command injection (CWE-77) combined with incorrect authorization (CWE-863) in a network-accessible collaboration platform. That maps directly to T1059 (the commands are run through the platform's command interpreter) and to T1190 (the flaw is reached by exploiting a public, internet-facing application).