CVE-2025-10545
16.10.2025, 09:15
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpointEnginsight| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 10.5.0 ≤ 𝑥 < 10.5.11 |
| mattermost | mattermost_server | 10.11.0 ≤ 𝑥 < 10.11.3 |
𝑥
= Vulnerable software versions
References