Mattermost · Mattermost · CVE-2025-27715
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 9.11.x through 9.11.8
**Description**
Mattermost does not require explicit approval before a team admin is added to a private channel. As a result, team admins can join private channels through crafted permalinks without explicit consent.
**Recommendations**
For Mattermost versions 9.11.x through 9.11.8, consider restricting access to private channels until a fix is available, and ensure that team admins are aware of the potential for unauthorized access to these channels.