CVE-2025-27715
published 2025-03-21
Severity: low, 2.7 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which allows team admins to join private channels via crafted permalink links without explicit consent from them.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 9.11.0+incompatible < 9.11.9+incompatible | 9.11.9+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 9.11.0 < 9.11.9 | 9.11.9 |
| mattermost | mattermost | 9.11.0 – 9.11.8 | — |
| mattermost | mattermost_server | >= 9.11.0 < 9.11.9 | 9.11.9 |