Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Communication and Collaboration

Communication and Collaboration

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    20 Jun 2025 Communication and Collaboration
    Mattermost: Arbitrary File Write via Path Traversal in Mattermost Archive Extractor

    In Mattermost versions 10.5.x ≤ 10.5.5, 9.11.x ≤ 9.11.15, 10.8.x ≤ 10.8.0, 10.7.x ≤ 10.7.2 and 10.6.x ≤ 10.6.5 a critical severity vulnerability CVE-2025-4981 was detected. This vulnerability allows authenticated users to write files to arbitrary locations on the filesystem by uploading archives containing path traversal sequences in filenames, potentially leading to remote code execution. This affects instances where file attachments and content extraction are enabled (default configuration). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4981.

    Read more
    Communication
    12 Jun 2025 Communication and Collaboration
    Mattermost: LDAP Search Filter Injection via Improper Group ID Validation

    In Mattermost versions 10.7.x ≤ 10.7.1, 10.6.x ≤ 10.6.3, 10.5.x ≤ 10.5.4 and 9.11.x ≤ 9.11.13 a medium severity vulnerability CVE-2025-4573 was detected. This vulnerability allows an authenticated administrator with the `PermissionSysconsoleWriteUserManagementGroups` permission to perform LDAP search filter injection through the `PUT /api/v4/ldap/groups/{remote_id}/link` API endpoint when `objectGUID` is improperly validated. To address this issue, users should upgrade Mattermost to versions 10.7.2, 10.6.4, 10.5.5, 9.11.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4573.

    Read more
    Communication
    12 Jun 2025 Communication and Collaboration
    Mattermost: Unauthorized Team Information Disclosure via API by Guest Users

    In Mattermost versions 10.5.x ≤ 10.5.4 and 9.11.x ≤ 9.11.13 a low severity vulnerability CVE-2025-4128 was detected. This vulnerability allows guest users to bypass permissions and access information about public teams they are not members of by making direct API calls to /api/v4/teams/{team_id}. To address this issue, users should upgrade Mattermost to versions 10.5.5 for the 10.5.x series or 9.11.14 for the 9.11.x series. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4128.

    Read more
    Communication
    10 Jun 2025 Communication and Collaboration
    Discourse: Denial of Service via Malicious URL in Private Message

    In Discourse versions prior to 3.4.4 (stable branch), 3.5.0.beta5 (beta branch) and 3.5.0.beta6-dev (tests-passed branch) a high severity vulnerability CVE-2025-48053 was detected. This vulnerability allows attackers to reduce the availability of a Discourse instance by sending a malicious URL in a private message to a bot user. To address this issue, users should upgrade Discourse to versions 3.4.4 (stable branch), 3.5.0.beta5 (beta branch) or 3.5.0.beta6-dev (tests-passed branch). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48053.

    Read more
    Communication
    10 Jun 2025 Communication and Collaboration
    Discourse: Arbitrary JavaScript Execution via Codepen iframe in Multiple Branches

    In Discourse prior to version 3.4.4 (stable branch), 3.5.0.beta5 (beta branch) and 3.5.0.beta6-dev (tests-passed branch) a high severity vulnerability CVE-2025-48877 was detected. This vulnerability allows attackers to execute arbitrary JavaScript through Codepen iframes included in the default allowed_iframes site setting. To address this issue, users should upgrade Discourse to versions 3.4.4 (stable branch), 3.5.0.beta5 (beta branch) and 3.5.0.beta6-dev (tests-passed branch). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48877.

    Read more
    Communication
    10 Jun 2025 Communication and Collaboration
    Discourse: HTML Injection in Email Invites via Topic Title

    In Discourse versions prior to 3.4.4 (stable branch), 3.5.0.beta5 (beta branch) and 3.5.0.beta6-dev (tests-passed branch) a high severity vulnerability CVE-2025-48062 was detected. This vulnerability allows HTML injection in email bodies when invites to users without accounts include topic titles containing HTML, affecting both private message and topic invitations with custom messages. To address this issue, users should upgrade Discourse to versions 3.4.4, 3.5.0.beta5 or 3.5.0.beta6-dev. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-48062.

    Read more
    Communication
    2 Jun 2025 Communication and Collaboration
    Mattermost: System Manager Access Control Bypass via API

    In Mattermost versions 10.7.x ≤ 10.7.0, 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.12 a medium severity vulnerability CVE-2025-3611 was detected. This vulnerability allows authenticated users with System Manager privileges to bypass configured access restrictions and view team details through direct API requests, even when access to Teams is explicitly denied in the System Console. To address this issue, users should upgrade Mattermost to versions 10.7.1, 10.5.4, 9.11.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3611.

    Read more
    Communication
    2 Jun 2025 Communication and Collaboration
    Mattermost: Token Invalidation Flaw Allows Access After Deactivation

    In Mattermost versions 10.7.x ≤ 10.7.0, 10.6.x ≤ 10.6.2, 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.12 a medium severity vulnerability CVE-2025-3230 was detected. This vulnerability allows deactivated users to retain full system access by continuing to use previously issued personal access tokens, due to improper invalidation of these tokens after deactivation. To address this issue, users should upgrade Mattermost to versions 10.8.0, 10.7.1, 10.6.3, 10.5.4, 9.11.13 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3230.

    Read more
    Communication
    2 Jun 2025 Communication and Collaboration
    Mattermost: OAuth Credential Leakage During User-to-Bot Conversion

    In Mattermost versions 10.7.x ≤ 10.7.0, 10.6.x ≤ 10.6.2, 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.12 a medium severity vulnerability CVE-2025-2571 was detected. This vulnerability allows attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow, due to failure to clear associated Google OAuth credentials when converting user accounts to bot accounts. To address this issue, users should upgrade Mattermost to versions 10.7.1, 10.6.3, 10.5.4 and 9.11.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2571.

    Read more
    Communication
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy