Relative Path Traversal Affecting github.com/mattermost/mattermost/server/platform/services/docextractor package, versions >=9.11.0 <9.11.16-rc1>=10.5.0 <10.5.6-rc1>=10.6.0 <10.6.6-rc1>=10.7.0 <10.7.3-rc1>=10.8.0 <10.8.1


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.23% (46th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Relative Path Traversal vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERPLATFORMSERVICESDOCEXTRACTOR-10494023
  • published22 Jun 2025
  • disclosed20 Jun 2025
  • creditDawid Kulikowski

Introduced: 20 Jun 2025

NewCVE-2025-4981  (opens in a new tab)
CWE-23  (opens in a new tab)

How to fix?

Upgrade github.com/mattermost/mattermost/server/platform/services/docextractor to version 9.11.16-rc1, 10.5.6-rc1, 10.6.6-rc1, 10.7.3-rc1, 10.8.1 or higher.

Overview

Affected versions of this package are vulnerable to Relative Path Traversal via the Extract method. An attacker can gain remote code execution by uploading specially crafted archive files containing path traversal sequences in filenames, resulting in files being written to arbitrary locations on the filesystem.

Note: This is only exploitable if file uploads and document search by content are enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true), which are enabled by default.

CVSS Base Scores

version 4.0
version 3.1