VDB

CISA-2025-11777

CISA-2025-11777 PUBLISHED CVSS 3.1 LOW

Reported by Mattermost · Published November 13, 2025

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint

Risk Scores

CVSS 3.1
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
MattermostMattermost10.11.0, 10.5.0, 11.0.0
MattermostMattermost10.11.0, 10.5.0, 11.0.0

Timeline

  • Nov 13, 2025 CVE Published
  • Nov 13, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›