Home

Description

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.

PUBLISHED Reserved 2025-03-20 | Published 2025-03-21 | Updated 2025-03-21 | Assigner Mattermost




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-863: Incorrect Authorization

Product status

Default status
unaffected

10.4.0 (semver)
affected

10.3.0 (semver)
affected

9.11.0 (semver)
affected

10.5.0
unaffected

10.4.3
unaffected

10.3.4
unaffected

9.11.9
unaffected

Credits

hackit_bharat finder

References

mattermost.com/security-updates

cve.org (CVE-2025-25274)

nvd.nist.gov (CVE-2025-25274)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.