CVE-2025-9076

EUVD-2025-29165
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.
Provider: Mattermost
Type: CNA
Base Score: 6.5 MEDIUM
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Percentile: 14%
Affected Products (NVD)
Vendor: mattermost
Product: mattermost_server
Version: 10.10.0 ≤ 𝑥 < 10.10.2
𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
Vendor: mattermost
Product: mattermost
Version: 10.10.0 ≤ 𝑥 ≤ 10.10.1
Source: CNA