CVE-2025-9081 - CERT CVE
ID CVE-2025-9081
Sažetak Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration
Reference
CVSS
Base: 3.1
Impact: 1.4
Exploitability:1.6
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Zadnje važnije ažuriranje 25-09-2025 - 20:14
Objavljeno 19-09-2025 - 20:15