CVE Vulnerabilities

CVE-2025-21088

Incorrect Type Conversion or Cast

Published: Jan 15, 2025 | Modified: Sep 30, 2025
CVSS 3.x: 6.5 MEDIUM (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.

Weakness

The product does not correctly convert an object, resource, or structure from one type to a different type.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mattermost_server | Mattermost | 9.11.0 (including) | 9.11.6 (excluding) |
| Mattermost_server | Mattermost | 10.0.0 (including) | 10.0.4 (excluding) |
| Mattermost_server | Mattermost | 10.1.0 (including) | 10.1.4 (excluding) |
| Mattermost_server | Mattermost | 10.2.0 (including) | 10.2.0 (including) |
