CVE-2025-0503 — Improper Check for Unusual or Exceptional Conditions in Server

CWE-754 — Improper Check for Unusual or Exceptional Conditions3 documents3 sources

Severity

5.3MEDIUMNVD

CNA3.1

EPSS

0.4%

top 41.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Server Mattermost

Timeline

PublishedFeb 14

Description

Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDmattermost/mattermost_server9.11.0 — 9.11.7

▶CVEListV5mattermost/mattermost9.11.0 — 9.11.6

🔴Vulnerability Details

GHSA

GHSA-cc72-wc5x-7wmj: Mattermost versions 9↗2025-02-14

▶

CVEList

Leaked User IDs and Metadata of Deleted DMs↗2025-02-14

▶