Access Control Weakness in Mattermost by Mattermost Inc.
CVE-2025-3611

3.1LOW

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 30 May 2025

What is CVE-2025-3611?

Mattermost versions 10.7.x up to 10.7.0, 10.5.x up to 10.5.3, and 9.11.x up to 9.11.12 exhibit a significant access control issue. This flaw allows users with System Manager privileges to improperly access team information via direct API calls to team endpoints, despite restrictions enforced in the System Console. As a result, authenticated users may view sensitive team details they should not be privy to, presenting a risk to organizational data security.

Affected Version(s)

Mattermost 10.7.0

Mattermost 10.5.0 <= 10.5.3

Mattermost 9.11.0 <= 9.11.12

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
Apr 14, 2025

Credit

hackit_bharat