CVE-2025-6226
Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.
Vendor
Product
CWE
Yayın Tarihi
2025-07-18 09:15:26
Güncelleme
2025-10-02 19:49:18
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-