CVE-2025-9079

Vulnerability Description

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory

Vulnerability Details

Published Date

September 19, 2025

Last Modified

September 25, 2025

Source

NVD

CVE-2025-9079

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment