CVE-2025-10545
16.10.2025, 09:15
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpointEnginsightAwaiting analysis
This vulnerability is currently awaiting analysis.
References