Home > Vulnerability Database > CVE-2025-21088

Mend.io Vulnerability Database

CVE-2025-21088

Good to know:

Date: January 15, 2025

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.

Severity Score

6.5

Related Resources (6)

Url: https://pkg.go.dev/vuln/GO-2025-3393

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-21088

Url: https://github.com/advisories/GHSA-8j3q-gc9x-7972

Url: https://github.com/mattermost/mattermost

Url: https://mattermost.com/security-updates

Url: https://www.mend.io/vulnerability-database/CVE-2025-21088

Severity Score

6.5

Weakness Type (CWE)

Incorrect Type Conversion or Cast

CWE-704

Top Fix

Upgrade Version

Upgrade to version github.com/mattermost/mattermost/server/v8 - v8.0.0-20241127161322-25ff7a3779a5

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-21088

Good to know:

Date: January 15, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?