User Data Exposure in Mattermost Server Due to Insufficient Sanitization
CVE-2025-9076

6.5MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 15 September 2025

What is CVE-2025-9076?

Mattermost Server versions 10.10.x prior to 10.10.2 have a vulnerability that arises from inadequate sanitization of user data during the synchronization of shared channel memberships. This flaw enables malicious or compromised remote clusters to access sensitive user information through unsanitized user objects, posing a significant security risk for organizations utilizing shared channels.

Affected Version(s)

Mattermost 10.10.0 <= 10.10.1

Mattermost 10.11.0

Mattermost 10.10.2

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Aug 15, 2025

Credit

daw10