On 23 January 2025, Mattermost used advisories for several vulnerabilities, including three critical severity flaws affecting the Board plugin. If exploited, these vulnerabilities could allow an authenticated attacker to read any file on the server, or read data directly from the database.
It is recommended to check for potential abuse, and to update vulnerable Mattermost instances.