
9 matches found

EUVD
added 2025/10/03 8:7 p.m. (3 views)

EUVD-2025-16492

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00138
Exploits: 0 | References: 3

Tenable Nessus
added 2025/06/06 12:0 a.m. (1 views)

Mattermost Server 9.11.x < 9.11.13 / 10.5.x < 10.5.4 / 10.7.x < 10.7.1 Multiple Vulnerabilities (MMSA-2025-00457, MMSA-2025-00462)

The version of Mattermost Server installed on the remote host is prior to 9.11.13, 10.5.4, or 10.7.1. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2025-00457 and MMSA-2025-00462 advisories. - Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.1...

CVSS 4.3 | AI score 5.7 | EPSS 0.00138
Exploits: 0 | References: 3

Snyk
added 2025/06/03 5:58 p.m. (2 views)

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of access control restrictions for System Manager roles. An attacker can gain unauthorized access via direct API requests to team endpoints and perform actions reserved for System...

CVSS 5.4 | AI score 7.1 | EPSS 0.00138
Exploits: 0 | References: 3

OSV
added 2025/06/03 5:58 p.m. (1 views)

GO-2025-3728 Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server

Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server...

CVSS 4.3 | AI score 7.1 | EPSS 0.00138
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/01 2:47 p.m. (5 views)

CVE-2025-3611

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

CVSS 4.3 | AI score 6.6 | EPSS 0.00138
Exploits: 0 | References: 1

Github Security Blog
added 2025/05/30 3:30 p.m. (15 views)

Mattermost fails to properly enforce access control restrictions for System Manager roles

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

CVSS 4.3 | AI score 6.8 | EPSS 0.00138
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/05/30 3:15 p.m. (2 views)

CVE-2025-3611

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 1

NVD
added 2025/05/30 3:15 p.m. (5 views)

CVE-2025-3611

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

CVSS 4.3 | EPSS 0.00138
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/30 12:0 a.m. (1 views)

PT-2025-23309 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.7.x through 10.7.0; Mattermost versions 10.5.x through 10.5.3; Mattermost versions 9.11.x through 9.11.12. Description: The issue is related to the failure of Mattermost to properly enforce access control restrictions for...

CVSS 4.3 | AI score 6 | EPSS 0.00138
Exploits: 0 | References: 11