Home > Vulnerability Database > CVE-2025-55074

Mend.io Vulnerability Database

CVE-2025-55074

Good to know:

Date: November 18, 2025

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects

Severity Score

3.0

Related Resources (10)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55074

Url: https://github.com/mattermost/mattermost/commit/d72d437f1567ba0b639b6e4fd73bab06c51baab5

Url: https://github.com/mattermost/mattermost/commit/98acefe911dd9de7edf47a7d825dd99f53141a52

Url: https://github.com/advisories/GHSA-9hh7-6558-qfp2

Url: https://github.com/mattermost/mattermost/pull/33835

Url: https://github.com/mattermost/mattermost

Url: https://github.com/mattermost/mattermost/pull/33905

Url: https://github.com/mattermost/mattermost/commit/ba86dfc5876b354b9d3c20ff45c08ca6f8426149

Url: https://mattermost.com/security-updates

Url: https://www.mend.io/vulnerability-database/CVE-2025-55074

Severity Score

3.0

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Improper Validation of Generative AI Output

CWE-1426

Top Fix

Upgrade Version

Upgrade to version github.com/mattermost/mattermost-server - v10.11.4;github.com/mattermost/mattermost-server - v10.5.12;github.com/mattermost/mattermost-server - v10.5.12+incompatible

Learn More

CVSS v3.1

Base Score:	3.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55074

Good to know:

Date: November 18, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?