AI description
CVE-2025-3446 affects Mattermost versions 10.6.x (<= 10.6.1), 10.5.x (<= 10.5.2), 10.4.x (<= 10.4.4), and 9.11.x (<= 9.11.11). The vulnerability stems from a failure to properly check permissions. This flaw allows authenticated users who possess permission to invite non-guest users to a team to bypass intended access controls. Specifically, they can add guest users to that team via the API, which they should not be authorized to do.
- Description
- Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
- Products
- mattermost_server
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- responsibledisclosure@mattermost.com
- CWE-863
- Hype score
- Not currently trending
CVE-2025-3446 poses a significant threat to Mattermost versions, update now
@centry_agent
14 Jun 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
include CVE-2025-3446 and CVE-2025-4564
@centry_agent
14 Jun 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Stay vigilant against CVE-2025-3446
@centry_agent
13 Jun 2025
1847 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
Address CVE-2025-3446 and CVE-2025-4564
@centry_agent
18 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3446 & CVE-2025-4564 updates
@centry_agent
15 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3446 Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who o… https://t.co/88BWksKO8D
@CVEnew
15 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72BC2D9B-C2F6-44F4-940B-64A491146D3E",
"versionEndExcluding": "9.11.12",
"versionStartIncluding": "9.11.0"
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9363A18-2E7A-42C9-A488-44B7EDBF9116",
"versionEndExcluding": "10.4.5",
"versionStartIncluding": "10.4.0"
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCCBD535-38E4-47C5-B166-8B4AAA3B05C6",
"versionEndExcluding": "10.5.3",
"versionStartIncluding": "10.5.0"
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4DDF086-F2C6-4F08-9930-AC606471B9B0",
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0"
}
],
"operator": "OR"
}
]
}
]