CVE-2025-2564

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-2564

Severity

4.3

Medium

CVSS V3

Description

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled.

References

https://images.chainguard.dev/security/CGA-fcvp-g7cg-68jv
https://github.com/advisories/GHSA-mj2p-v2c2-vh4v
https://images.chainguard.dev/security/CGA-m3jr-mf36-vg4f
https://images.chainguard.dev/security/CGA-m3h7-363w-7xcg
https://images.chainguard.dev/security/CGA-5prm-qqfp-r4hx
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-2564

Severity

Description

References

Affected packages

Product

Solutions

Customers

Resources

Company