/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2025-41423

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-41423

Severity

4.3

Medium

CVSS V3

Description

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions.

References

  • https://images.chainguard.dev/security/CGA-h7vh-r3m6-7x3f
  • https://github.com/advisories/GHSA-fr22-5377-f3p7
  • https://images.chainguard.dev/security/CGA-wwf3-684f-j697
  • https://images.chainguard.dev/security/CGA-fq85-8c4q-xrj4
  • https://images.chainguard.dev/security/CGA-3mg4-q86x-ghq7
  • https://mattermost.com/security-updates

Affected packages

Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal