Vulnerabilities in Mattermost

433 results
CVE-2025-25279 | CRITICAL | Arbitrary file read in Mattermost Boards via import & export board archive | EPSS 20.8%
CVE-2021-37859 | HIGH | Reflected XSS in OAuth Flow | EPSS 3.3%
CVE-2022-3257 | LOW | Server-side Denial of Service while processing a specifically crafted GIF file | EPSS 1.1%
CVE-2022-4044 | MEDIUM | Authenticated user could send multiple requests containing a large Auto Responder Message payload and can crash a Mattermost server | EPSS 1.1%
CVE-2021-37865 | MEDIUM | Server-side Denial of Service while processing a specifically crafted GIF file | EPSS 0.9%
CVE-2022-0904 | MEDIUM | Stack overflow in document extractor in Mattermost | EPSS 0.9%
CVE-2021-37861 | MEDIUM | Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | EPSS 0.9%
CVE-2022-3147 | LOW | Server-side Denial of Service while processing a specifically crafted JPEG file | EPSS 0.9%
CVE-2022-1337 | MEDIUM | OOM DoS in Mattermost image proxy | EPSS 0.9%
CVE-2022-1982 | MEDIUM | A crafted SVG attachment can crash a Mattermost server | EPSS 0.8%
CVE-2021-37863 | LOW | Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a c | EPSS 0.8%
CVE-2022-1385 | LOW | Invitation Email is resent as a Reminder after invalidating pending email invites | EPSS 0.8%
CVE-2022-0903 | MEDIUM | Stack overflow in SAML login in Mattermost | EPSS 0.8%
CVE-2022-0708 | MEDIUM | Team Creator's Email Address is disclosed to Team Members via one of the APIs | EPSS 0.8%
CVE-2022-2406 | MEDIUM | Malicious imports can lead to Denial of Service | EPSS 0.8%
CVE-2022-4019 | MEDIUM | Authenticated user could send multiple requests containing a large payload to a Playbooks API and can crash a Mattermost server | EPSS 0.7%
CVE-2023-48268 | MEDIUM | Denial of Service via Board Import Zip Bomb | EPSS 0.7%
CVE-2021-37866 | MEDIUM | Session is not invalidated on server-side when user logged out of Boards | EPSS 0.7%
CVE-2023-40703 | MEDIUM | Denial of Service via specially crafted block fields in Mattermost Boards | EPSS 0.7%
CVE-2025-6465 | MEDIUM | Path traversal in image upload with preview overwrite | EPSS 0.7%