### [CVE-2025-20088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20088)
![](https://img.shields.io/static/v1?label=Product&message=Mattermost&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.11.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1287%3A%20Improper%20Validation%20of%20Specified%20Type%20of%20Input&color=brightgreen)

### Description

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

### POC

#### Reference
- https://mattermost.com/security-updates

#### Github
- https://github.com/c0rydoras/cves