Access Control Weakness in Mattermost by Mattermost Inc.

CVE-2025-3611

What is CVE-2025-3611?

Mattermost versions 10.7.x up to 10.7.0, 10.5.x up to 10.5.3, and 9.11.x up to 9.11.12 exhibit a significant access control issue. This flaw allows users with System Manager privileges to improperly access team information via direct API calls to team endpoints, despite restrictions enforced in the System Console. As a result, authenticated users may view sensitive team details they should not be privy to, presenting a risk to organizational data security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References