{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "9.11.0" }, { "fixed": "9.11.18" }, { "introduced": "10.5.0" }, { "fixed": "10.5.9" }, { "introduced": "10.8.0" }, { "fixed": "10.8.4" }, { "introduced": "10.9.0" }, { "fixed": "10.9.3" } ] }, "events": [ { "introduced": "0bc2ddd42375a75ab14e63f038165150d4f07659" }, { "fixed": "11c36f4d1e44c36a85aa682becaa7519f63761cf" }, { "introduced": "58bd34fd34cbd7d3da777d627b6cffdf8a532930" }, { "fixed": "c602a4a78e1f60b9a97ee5bce509ecad4177340c" }, { "introduced": "bb105f3a2785636ad53b2d0bf4027900d41f6a67" }, { "fixed": "6880f9b5908f20c6c4db1456d3a27603af01dd72" }, { "introduced": "14775836a78c8257de08fff229d364755346eff9" }, { "fixed": "b38e2eccda182212a8032539658723c7d87e0b7e" } ], "repo": "https://github.com/mattermost/mattermost-server", "type": "GIT" } ] } ], "details": "Mattermost versions 10.8.x \u003c= 10.8.3, 10.5.x \u003c= 10.5.8, 9.11.x \u003c= 9.11.17, 10.9.x \u003c= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file placement outside intended directories.", "id": "CVE-2025-8023", "modified": "2026-03-10T21:47:04.169382886Z", "published": "2025-08-21T08:15:30.720Z", "references": [ { "type": "ADVISORY", "url": "https://mattermost.com/security-updates" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }