CVE-2025-20033

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-1287
View all →

Vulnerability Description

Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props.

Related Vulnerabilities

CVE-2023-47727

MEDIUM
CVSS:4.3(Medium)

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input v...

CWE-12872023

CVE-2024-47261

MEDIUM
CVSS:4.3(Medium)

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access t...

CWE-12872024

CVE-2025-0476

MEDIUM
CVSS:4.3(Medium)

Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the s...

CWE-12872025

CVE-2025-24804

MEDIUM
CVSS:4.3(Medium)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentati...

CWE-12872025

CVE-2023-3906

LOW
CVSS:3.5(Low)

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft ...

CWE-12872023

CVE-2023-2673

MEDIUM
CVSS:5.3(Medium)

Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the M...

CWE-12872023