Bookmark Update Vulnerability in Mattermost by Mattermost Inc.
CVE-2025-24920

4.3MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 21 March 2025

What is CVE-2025-24920?

Mattermost versions 10.4.x, 10.3.x, 9.11.x, and 10.5.x exhibit an access control vulnerability that fails to adequately restrict the creation and updating of bookmarks in archived channels. This flaw may allow authenticated users to exploit the system by creating or modifying bookmarks within channels that have been archived, leading to potential unauthorized access to sensitive information.

Affected Version(s)

Mattermost 10.4.0 <= 10.4.2

Mattermost 10.3.0 <= 10.3.3

Mattermost 9.11.0 <= 9.11.8

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2025
Vulnerability Reserved
Mar 20, 2025

Credit

Caleb Roseland