VDB
CISA-2025-11777
CISA-2025-11777
PUBLISHED
CVSS 3.1 LOW
Reported by Mattermost · Published November 13, 2025
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint
Risk Scores
CVSS 3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mattermost | Mattermost | 10.11.0, 10.5.0, 11.0.0 |
| Mattermost | Mattermost | 10.11.0, 10.5.0, 11.0.0 |
Timeline
- Nov 13, 2025 CVE Published
- Nov 13, 2025 CVE Updated