CVE-2025-21088

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-21088

Severity

6.5

Medium

CVSS V3

Description

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.

References

https://images.chainguard.dev/security/CGA-vvxw-xx2v-7c3q
https://github.com/advisories/GHSA-8j3q-gc9x-7972
https://images.chainguard.dev/security/CGA-26qj-8crm-jfxx
https://images.chainguard.dev/security/CGA-3cjr-6ggf-57v6
https://images.chainguard.dev/security/CGA-w5wq-9vmg-3868
https://images.chainguard.dev/security/CGA-q28x-59wg-4f59
https://images.chainguard.dev/security/CGA-cvhh-g5cj-97m6
https://images.chainguard.dev/security/CGA-r29q-mhp7-m2fw
https://images.chainguard.dev/security/CGA-376v-x6mm-4383
https://images.chainguard.dev/security/CGA-xw62-6pmf-h7cc
https://images.chainguard.dev/security/CGA-cpxj-8gvf-cwg6
https://images.chainguard.dev/security/CGA-q9hw-mprx-68x9
https://images.chainguard.dev/security/CGA-896g-mvx3-rvwr
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-21088

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company