CVE-2025-21088: Mattermost Incorrect Type Conversion or Cast
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action’s style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.