CVE-2025-10545

🗓️ 16 Oct 2025 08:24:25Reported by MattermostType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 14 Views🌐 WEB

Guest users can add private channel members due to improper validation in channel membership on Mattermost 10.5.x and 10.11.x.

Reporter	Title	Published	Views	Family All 20
Circl	CVE-2025-10545	16 Oct 202509:17	–	circl
CNNVD	Mattermost 安全漏洞	16 Oct 202500:00	–	cnnvd
CNVD	Unspecified Vulnerability in Mattermost (CNVD-2025-24795)	21 Oct 202500:00	–	cnvd
Cvelist	CVE-2025-10545 Guest user can add unauthorized team users to private channels	16 Oct 202508:24	–	cvelist
EUVD	EUVD-2025-34728	16 Oct 202509:30	–	euvd
Github Security Blog	Mattermost has an Incorrect Authorization vulnerability	16 Oct 202509:30	–	github
Tenable Nessus	Mattermost Server 10.5.x < 10.5.11 / 10.11.x < 10.11.3 / 10.12.0 Multiple Vulnerabilities (MMSA-2025-00497, MMSA-2025-00496, MMSA-2025-00516)	22 Oct 202500:00	–	nessus
NVD	CVE-2025-10545	16 Oct 202509:15	–	nvd
OPENSUSE Linux	govulncheck-vulndb-0.0.20251105T184115-1.1 on GA media (moderate)	8 Nov 202500:00	–	opensuse
OSV	GHSA-424H-XJ87-M937 Mattermost has an Incorrect Authorization vulnerability	16 Oct 202509:30	–	osv

NVD

Node

mattermost mattermost_serverRange10.5.0–10.5.11

mattermost mattermost_serverRange10.11.0–10.11.3

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "10.5.10",
        "status": "affected",
        "version": "10.5.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.11.2",
        "status": "affected",
        "version": "10.11.0",
        "versionType": "semver"
      },
      {
        "version": "10.12.0",
        "status": "unaffected"
      },
      {
        "version": "10.5.11",
        "status": "unaffected"
      },
      {
        "version": "10.11.3",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

Parameter	Position	Path	Description	CWE
channel_id	path	api/v4/channels/{channel_id}/members	Guest users can add any team member to private channels due to improper permission validation on the /api/v4/channels/{channel_id}/members endpoint.	CWE-863
members	path	api/v4/channels/{channel_id}/members	Guest users can add any team member to private channels due to improper permission validation on the /api/v4/channels/{channel_id}/members endpoint.	CWE-863

17 Jun 2026 08:28Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.13.1 - 4.3

EPSS0.00306

SSVC

CWE-863