Metrics
Affected Vendors & Products
Solution
Update Mattermost to versions 10.3.0, 9.11.6 or higher.
Workaround
No workaround given by the vendor.
Mon, 29 Sep 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost mattermost Server
|
|
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost mattermost Server
|
Sat, 11 Jan 2025 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 09 Jan 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 09 Jan 2025 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public. | |
Title | Access control flaw for team admins allows unauthorized team additions | |
Weaknesses | CWE-863 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-01-09T15:29:20.571Z
Reserved: 2025-01-08T11:07:12.574Z
Link: CVE-2025-22449

Updated: 2025-01-09T15:29:11.020Z

Status : Analyzed
Published: 2025-01-09T07:15:28.777
Modified: 2025-09-29T17:44:58.717
Link: CVE-2025-22449


Updated: 2025-07-12T15:26:19Z