Home

Description

Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts

PUBLISHED Reserved 2025-07-22 | Published 2025-08-21 | Updated 2025-08-21 | Assigner Mattermost




LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Problem types

CWE-863: Incorrect Authorization

Product status

Default status
unaffected

10.5.0
affected

10.10.0
unaffected

10.5.9
unaffected

Credits

Juho Forsén finder

References

mattermost.com/security-updates

cve.org (CVE-2025-49810)

nvd.nist.gov (CVE-2025-49810)

Download JSON