CVE-2025-1792

EPSS 0.14%
Veröffentlicht 30.05.2025 14:22:08
Zuletzt bearbeitet 15.10.2025 14:15:03
Quelle responsibledisclosure@mattermo
CVE-Watchlists
Login
Unerledigt
Login

Improper Access Control in Mattermost Channel Member API

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Server Version >= 9.11.0 < 9.11.13

Mattermost ≫ Mattermost Server Version >= 10.5.0 < 10.5.4

Mattermost ≫ Mattermost Server Version >= 10.7.0 < 10.7.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.336

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
responsibledisclosure@mattermost.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://mattermost.com/security-updates

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-1792

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1792

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1792

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-1792