Home > Vulnerability Database > CVE-2025-11579

Mend.io Vulnerability Database

CVE-2025-11579

Good to know:

Date: October 10, 2025

Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to

Severity Score

5.3

Related Resources (7)

Url: https://github.com/nwaples/rardecode

Url: https://pkg.go.dev/vuln/GO-2025-4020

Url: https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9

Url: https://github.com/advisories/GHSA-rwvp-r38j-9rgg

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11579

Url: https://mattermost.com/security-updates

Url: https://www.mend.io/vulnerability-database/CVE-2025-11579

Severity Score

5.3

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

Memory Allocation with Excessive Size Value

CWE-789

Top Fix

Upgrade Version

Upgrade to version github.com/nwaples/rardecode/v2 - v2.2.0;https://github.com/nwaples/rardecode.git - v2.2.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11579

Good to know:

Date: October 10, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?