WARNING: PATH TRAVERSAL IN MATTERMOST, PATCH IMMEDIATELY!

Published: 25/02/2025

Reference:
Advisory #2025-43

Version:
1.0

Affected software:
Mattermost

Type:
Path Traversal

CVE/CVSS:
CVE-2025-25279: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVE-2025-20051: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Sources

https://mattermost.com/security-updates/

Risks

Mattermost addressed two critical vulnerabilities that allow attackers to read arbitrary files.
Mattermost is a high-value target for attackers seeking to expose sensitive data. Exploiting these flaws could severely impact the confidentiality, integrity, and availability of business data.

Description

CVE-2025-20051 and CVE-2025-25279 are critical vulnerabilities in Mattermost versions up to and including 10.4.1, 9.11.7, 10.3.2 and 10.2.2, caused by improper input validation and improper board block validation. These flaws allow an authenticated attacker to read arbitrary files from the server through crafted board duplication requests and crafted import archives.

Exploiting these vulnerabilities could expose sensitive data, disrupt communication, and lead to severe breaches, impacting business security.
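The root cause described above is an archive entry name that is not validated before it is resolved against the server's file system. The following is an added illustration of the kind of check that closes that class of bug; it is not Mattermost's code, and the root directory and entry names are constructed for the example:

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrUnsafePath = errors.New("archive entry escapes extraction root")

// SafeJoin resolves an archive entry name against root and refuses anything
// that would land outside root: absolute names, "..", and backslash variants.
func SafeJoin(root, entry string) (string, error) {
	// Normalise backslashes first: on Linux filepath.Clean leaves "..\\.." alone.
	name := strings.ReplaceAll(entry, "\\", "/")
	if name == "" || strings.HasPrefix(name, "/") || filepath.IsAbs(name) {
		return "", ErrUnsafePath
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absRoot, filepath.FromSlash(name))
	rel, err := filepath.Rel(absRoot, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return target, nil
}

// ValidateEntries splits archive entry names into those safe to extract under
// root and those that must be rejected (and logged) before any I/O happens.
func ValidateEntries(root string, names []string) (accepted, rejected []string) {
	for _, n := range names {
		if _, err := SafeJoin(root, n); err != nil {
			rejected = append(rejected, n)
			continue
		}
		accepted = append(accepted, n)
	}
	return accepted, rejected
}

func main() {
	// Constructed entry names standing in for the contents of an import archive.
	entries := []string{"boards/board.json", "../../../../etc/passwd", "..\\..\\win.ini", "/etc/shadow"}
	ok, bad := ValidateEntries("/tmp/import-root", entries)
	fmt.Println("accepted:", ok, "rejected:", bad)
}
```

Rejected entries are a useful detection signal: an import archive that contains any of them should be logged with the submitting user and never partially extracted.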

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate a historic compromise.