cbcvebase.
CVE-2025-22449
published 2025-01-09

CVE-2025-22449: Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite…

low3.8CVSS 3.1
AVNACLPRHUINSUCLILAN
Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.

Affected

5 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 9.11.0+incompatible
github.commattermost_mattermost_server_v8>= 0 < 8.0.0-20250102081831-64c566a8280b8.0.0-20250102081831-64c566a8280b
github.commattermost_mattermost_server_v8>= 9.11.0 < 9.11.69.11.6
mattermostmattermost9.11.0 – 9.11.5
mattermostmattermost_server>= 9.11.0 < 9.11.69.11.6