Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-9078

Good to know:

icon

Date: September 15, 2025

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing

Severity Score

Related Resources (9)

https://nvd.nist.gov/vuln/detail/CVE-2025-9078
https://github.com/mattermost/mattermost/commit/356880c8430b77a4a390c89d5a33f6928188d137
https://github.com/advisories/GHSA-9p92-x77w-9fw2
https://github.com/mattermost/mattermost/commit/cd87e5c877373f109742aa90a3fa136c14774325
https://github.com/mattermost/mattermost
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost/commit/a8a4badc130be101e5bc4b7916bbcd2f966c4b79
https://github.com/mattermost/mattermost/commit/944ad5cdd9876ef61c78c8275906262a4118755a
https://www.mend.io/vulnerability-database/CVE-2025-9078

Severity Score

Weakness Type (CWE)

Use of Weak Hash

CWE-328

Top Fix

icon

Upgrade Version

Upgrade to version github.com/mattermost/mattermost - v9.11.18;github.com/mattermost/mattermost - v10.5.9;github.com/mattermost/mattermost - v10.8.4;github.com/mattermost/mattermost - v10.10.2;github.com/mattermost/mattermost - v10.9.4;github.com/mattermost/mattermost-server - v9.11.18+incompatible;github.com/mattermost/mattermost/server/v8 - v8.0.0-20250718075842-cd87e5c87737

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us