/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2025-41423

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-41423

Severity

4.3

Medium

CVSS V3

Description

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.

References

  • https://images.chainguard.dev/security/CGA-h7vh-r3m6-7x3f

Affected packages


Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing