CVE-2025-10545 - Vulnerability Details - OpenCVE

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-424h-xj87-m937	Mattermost has an Incorrect Authorization vulnerability

Fixes

Solution

Update Mattermost to versions 10.12.0, 10.5.11, 10.11.3 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://mattermost.com/security-updates

History

Thu, 16 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 16 Oct 2025 08:30:00 +0000

Type	Values Removed	Values Added
Description		Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint
Title		Guest user can add unauthorized team users to private channels
Weaknesses		CWE-863
References		https://mattermost.com/security-updates
Metrics		cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2025-10-16T08:24:25.928Z

Updated: 2025-10-16T14:14:09.887Z

Reserved: 2025-09-16T08:41:00.850Z

Link: CVE-2025-10545

Vulnrichment

Updated: 2025-10-16T14:13:35.600Z

NVD

Status : Awaiting Analysis

Published: 2025-10-16T09:15:33.137

Modified: 2025-10-16T15:28:59.610

Link: CVE-2025-10545

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10545", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2025-09-16T08:41:00.850Z", "datePublished": "2025-10-16T08:24:25.928Z", "dateUpdated": "2025-10-16T14:14:09.887Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.5.10", "status": "affected", "version": "10.5.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.2", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"version": "10.12.0", "status": "unaffected"}, {"version": "10.5.11", "status": "unaffected"}, {"version": "10.11.3", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "lordwillmore"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW", "baseScore": 3.1}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863"}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"value": "Update Mattermost to versions 10.12.0, 10.5.11, 10.11.3 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00497", "defect": ["https://mattermost.atlassian.net/browse/MM-64444"], "discovery": "EXTERNAL"}, "title": "Guest user can add unauthorized team users to private channels", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-10-16T08:24:25.928Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-16T14:13:30.975814Z", "id": "CVE-2025-10545", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-16T14:14:09.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10545", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-16T14:13:30.975814Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-16T14:13:35.600Z"}}], "cna": {"title": "Guest user can add unauthorized team users to private channels", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-64444"], "advisory": "MMSA-2025-00497", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "lordwillmore"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "10.5.0", "versionType": "semver", "lessThanOrEqual": "10.5.10"}, {"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.2"}, {"status": "unaffected", "version": "10.12.0"}, {"status": "unaffected", "version": "10.5.11"}, {"status": "unaffected", "version": "10.11.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 10.12.0, 10.5.11, 10.11.3 or higher."}], "references": [{"url": "https://mattermost.com/security-updates"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-10-16T08:24:25.928Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10545", "state": "PUBLISHED", "dateUpdated": "2025-10-16T14:14:09.887Z", "dateReserved": "2025-09-16T08:41:00.850Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2025-10-16T08:24:25.928Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}