Warning: Critical Vulnerability in Mattermost (CVE-2025-4981), Patch Immediately!

Published : 23/06/2025

    * Last update: 23/06/2025

    * Affected software: Mattermost

    * Type: Uncontrolled Search Path Element

    * CVE/CVSS
        → CVE-2025-4981: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)


Sources

 Mattermost: https://mattermost.com/security-updates
 

Risks

A critical vulnerability has been identified in Mattermost, an open-source collaboration platform widely used for secure messaging and file sharing within organizations. The flaw, tracked as CVE-2025-4981, allows authenticated users to upload specially crafted files that can write files to arbitrary locations on the server’s filesystem. This behavior could lead to remote code execution (RCE) under default configurations.

Mattermost is often deployed in environments where secure internal communication and file collaboration are essential. A successful exploitation could allow threat actors to gain unauthorized control of the server, exfiltrate sensitive data, or disrupt internal operations. The vulnerability does not require user interaction beyond uploading a file and is rated 9.9 (Critical) on the CVSS scale.

Although there are no confirmed active exploits in the wild at this time, the ease of exploitation and high potential impact warrant immediate action. Organizations should prioritize patching affected systems to prevent compromise, ensure business continuity, and safeguard sensitive data.
 

Description

The root cause is insufficient input sanitization in the archive extraction process. When a user uploads a file whose filename contains path traversal sequences (such as ../../), Mattermost fails to validate the resulting path before writing it out. As a result, files may be written to arbitrary locations on the server’s filesystem.

An attacker could leverage this behavior to achieve remote code execution. The impact on confidentiality, integrity, and availability (CIA) is therefore high, up to and including full server compromise.
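The defensive counterpart of the flaw described above is a path check applied to every archive entry name before anything is written to disk. The following Go program is an added example written for this advisory; it is not Mattermost's own code, and the function names SafeExtractPath and ScreenEntries, the extraction directory and the entry names are all constructed for illustration. It resolves each entry name against the extraction directory, lets the path library collapse ".." segments, and then requires the result to be a strict descendant of that directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeEntry is returned for an archive entry name that must not be written.
var ErrUnsafeEntry = errors.New("archive entry name is unsafe")

// SafeExtractPath resolves an archive entry name against destDir and returns
// the on-disk path to write, or ErrUnsafeEntry if the name is empty, absolute,
// or would resolve outside destDir (for example through "../" segments).
// Illustrative code for this advisory, not Mattermost's own implementation.
func SafeExtractPath(destDir, entryName string) (string, error) {
	// Archive formats store forward slashes; normalise to the host separator.
	name := filepath.FromSlash(entryName)
	if name == "" || filepath.IsAbs(name) {
		return "", ErrUnsafeEntry
	}
	cleanDest := filepath.Clean(destDir)
	// Join cleans "." and ".." segments, so "a/../../b" collapses before the check.
	target := filepath.Join(cleanDest, name)
	rel, err := filepath.Rel(cleanDest, target)
	if err != nil {
		return "", ErrUnsafeEntry
	}
	// The target must be a strict descendant of destDir: not destDir itself,
	// and not anything reached by stepping out of it.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeEntry
	}
	return target, nil
}

// ScreenEntries applies SafeExtractPath to every entry name in an archive
// listing and separates the writable paths from the rejected names.
func ScreenEntries(destDir string, names []string) (accepted []string, rejected []string) {
	for _, n := range names {
		if p, err := SafeExtractPath(destDir, n); err == nil {
			accepted = append(accepted, p)
		} else {
			rejected = append(rejected, n)
		}
	}
	return accepted, rejected
}

func main() {
	// Constructed entry names for demonstration, not taken from any real sample.
	entries := []string{
		"docs/report.txt",
		"docs/../notes.txt",
		"../../outside.txt",
		"docs/../../escape.txt",
		"/abs/path.txt",
	}
	ok, bad := ScreenEntries("/srv/mattermost/extract", entries)
	fmt.Println("accepted:", ok)
	fmt.Println("rejected:", bad)
}
```

The check is deliberately done on the cleaned path rather than by searching the raw name for "..", because a name such as "docs/../notes.txt" is harmless while "docs/../../escape.txt" is not; only the resolved location tells them apart. Note that this validates names only: an extractor must also refuse to follow symbolic links that earlier entries in the same archive may have created, otherwise a name that passes this check can still be redirected outside the directory at write time.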

The vulnerability impacts instances where both file uploads and content-based document search are enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). Both settings are enabled by default.
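Because both settings default to true, a configuration audit must treat an absent key as enabled rather than as disabled. The Go program below is an added example for this advisory, not CCB or Mattermost code; the two configuration keys are the ones named above, while the function name InAffectedConfiguration and the sample config.json fragments are constructed for illustration. It parses a config.json, applies the documented defaults for missing keys, and reports whether the instance is in the affected configuration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// fileSettings mirrors only the two config.json keys this advisory names.
// Pointers distinguish an absent key (server default applies) from an explicit value.
type fileSettings struct {
	EnableFileAttachments *bool `json:"EnableFileAttachments"`
	ExtractContent        *bool `json:"ExtractContent"`
}

type mattermostConfig struct {
	FileSettings fileSettings `json:"FileSettings"`
}

// defaultTrue returns *p, or true when the key was absent, matching the
// advisory's statement that both settings are enabled by default.
func defaultTrue(p *bool) bool {
	if p == nil {
		return true
	}
	return *p
}

// InAffectedConfiguration reports whether a config.json has both
// FileSettings.EnableFileAttachments and FileSettings.ExtractContent enabled,
// the condition the advisory gives for an instance to be impacted. It does not
// check the server version; patching is required either way.
func InAffectedConfiguration(configJSON []byte) (bool, error) {
	var cfg mattermostConfig
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return false, fmt.Errorf("parse config: %w", err)
	}
	return defaultTrue(cfg.FileSettings.EnableFileAttachments) &&
		defaultTrue(cfg.FileSettings.ExtractContent), nil
}

func main() {
	// Constructed config.json fragments for demonstration.
	samples := map[string]string{
		"explicit both true":      `{"FileSettings":{"EnableFileAttachments":true,"ExtractContent":true}}`,
		"extraction disabled":     `{"FileSettings":{"EnableFileAttachments":true,"ExtractContent":false}}`,
		"keys omitted (defaults)": `{"ServiceSettings":{"SiteURL":"https://chat.example"}}`,
	}
	for name, js := range samples {
		affected, err := InAffectedConfiguration([]byte(js))
		fmt.Printf("%-26s affected=%v err=%v\n", name, affected, err)
	}
}
```

A check that only looks for the literal key and treats "not found" as "not enabled" would wrongly clear the third sample, which is exactly the default installation the advisory says is affected. Run this against each instance's config.json to order the patch rollout; it does not replace patching instances that happen to have extraction disabled.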
 
 

Recommended Actions


Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.


References

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4981