Home > Vulnerability Database > CVE-2025-41436

Mend.io Vulnerability Database

CVE-2025-41436

Good to know:

Date: November 14, 2025

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads

Severity Score

3.1

Related Resources (6)

Url: https://github.com/advisories/GHSA-x3hx-ch7p-8xgg

Url: https://github.com/mattermost/mattermost/commit/c8d66301415d5b447df0e829bdbaa92e8a83ecf8

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-41436

Url: https://github.com/mattermost/mattermost

Url: https://mattermost.com/security-updates

Url: https://www.mend.io/vulnerability-database/CVE-2025-41436

Severity Score

3.1

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version github.com/mattermost/mattermost - v11.0.0;github.com/mattermost/mattermost-server - v11.0.0-alpha.1;github.com/mattermost/mattermost-server - v11.0.0-alpha.1+incompatible;github.com/mattermost/mattermost/server/v8 - v8.0.0-20250815165020-c8d66301415d

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-41436

Good to know:

Date: November 14, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?