CVE-2025-27571

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27571
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
History

01 Oct 2025, 18:20

Type Values Removed Values Added
CPE cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
First Time Mattermost mattermost Server
Mattermost

16 Apr 2025, 13:25

Type Values Removed Values Added
Summary
  • (es) Las versiones de Mattermost 10.5.x &lt;= 10.5.1, 10.4.x &lt;= 10.4.3, 9.11.x &lt;= 9.11.9 no marcan la configuración "Permitir a los usuarios ver canales archivados" al obtener los metadatos del canal de una publicación de canales archivados, lo que permite que los usuarios autenticados accedan a dicha información cuando un canal está archivado.

16 Apr 2025, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 08:15

Updated : 2025-10-01 18:20

NVD link : CVE-2025-27571

Mitre link : CVE-2025-27571

CVE.ORG link : CVE-2025-27571

JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-863

Incorrect Authorization