icon

We found results for “

CVE-2025-4128

Good to know:

icon

Date: June 11, 2025

Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}.

Severity Score

Severity Score

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

icon

Upgrade Version

Upgrade to version github.com/mattermost/mattermost/server/v8 - v8.0.0-20250422131222-701ddc896a10;github.com/mattermost/mattermost-server - v10.5.5;github.com/mattermost/mattermost-server - v9.11.14;https://github.com/mattermost/mattermost.git - v9.11.14;https://github.com/mattermost/mattermost.git - v10.5.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us