6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-21088

GHSA ID

GHSA-8j3q-gc9x-7972

EPSS Score

0.27181%

CWE

CWE-704

Published

1/15/2025

Updated

1/17/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-21088

CVE-2025-21088: Mattermost Incorrect Type Conversion or Cast

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-21088

CVE-2025-21088:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-21088

GHSA ID

GHSA-8j3q-gc9x-7972

EPSS Score

0.27181%

CWE

CWE-704

Published

1/15/2025

Updated

1/17/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/mattermost/mattermost/server/v8	go	>= 10.2.0, < 10.2.1	10.2.1
github.com/mattermost/mattermost/server/v8	go	>= 10.1.0, <= 10.1.3	10.1.4
github.com/mattermost/mattermost/server/v8	go	>= 10.0.0, <= 10.0.3	10.0.4
github.com/mattermost/mattermost/server/v8	go	>= 9.11.0, <= 9.11.5	9.11.6
github.com/mattermost/mattermost/server/v8	go	< 8.0.0-20241127161322-25ff7a3779a5	8.0.0-20241127161322-25ff7a3779a5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper type validation in post.props.attachments processing. Based on the CWE-704 description and Mattermost's architecture:

PostAction unmarshalling is a prime candidate as it directly handles user-controlled input
Attachment processing functions would be responsible for validating action styles
The frontend crash suggests type safety failures in data serialization
Confidence is medium due to lack of direct patch/diff evidence, but these are logical locations based on the described attack vector and component structure

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-21088: Mattermost Incorrect Type Conversion or Cast

CVE-2025-21088:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

6.5

6.5

CVE-2025-21088: Mattermost Incorrect Type Conversion or Cast

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-21088: Mattermost Incorrect Type Conversion or Cast

CVE-2025-21088:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

6.5

6.5

CVE-2025-21088: Mattermost Incorrect Type Conversion or Cast

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI