CVE-2025-3611

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-3611

Severity

4.3

Medium

CVSS V3

Description

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with 'No access' to Teams in the System Console.

References

https://images.chainguard.dev/security/CGA-whmc-4xhf-m95p
https://github.com/advisories/GHSA-86jg-35xj-3vv5
https://images.chainguard.dev/security/CGA-25cv-vhw8-gqc4
https://images.chainguard.dev/security/CGA-83xq-46xf-v3m7
https://images.chainguard.dev/security/CGA-c4f7-wxx5-g5fj
https://images.chainguard.dev/security/CGA-vg2c-398g-2fc6
https://images.chainguard.dev/security/CGA-6fc9-3m8c-gc27
https://images.chainguard.dev/security/CGA-9mm5-pr6f-64mw
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-3611

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company