Metrics
Affected Vendors & Products
Solution
Update Mattermost to versions 10.4.0, 9.11.7 or higher.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://mattermost.com/security-updates |
![]() ![]() |
Mon, 29 Sep 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost mattermost Server
|
|
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost mattermost Server
|
Mon, 14 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Fri, 14 Feb 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 14 Feb 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database. | |
Title | Leaked User IDs and Metadata of Deleted DMs | |
Weaknesses | CWE-754 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-02-14T18:09:02.166Z
Reserved: 2025-01-15T18:13:55.213Z
Link: CVE-2025-0503

Updated: 2025-02-14T18:08:57.286Z

Status : Analyzed
Published: 2025-02-14T18:15:23.870
Modified: 2025-09-29T18:11:58.467
Link: CVE-2025-0503

No data.

Updated: 2025-07-12T15:26:28Z