PT-2025-12411 · Mattermost · Mattermost

Mrhashimamin

Published

2025-03-21

Updated

2025-03-28

CVE-2025-27933

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Mattermost versions 9.11.x through 9.11.8 Mattermost versions 10.3.x through 10.3.3 Mattermost versions 10.4.x through 10.4.2

Description The issue arises from the failure to enforce channel conversion restrictions. This allows members with permission to convert public channels to private ones to also convert private channels to public, potentially exposing sensitive information.

Recommendations For versions 9.11.x through 9.11.8, update to a version that enforces channel conversion restrictions. For versions 10.3.x through 10.3.3, update to a version that enforces channel conversion restrictions. For versions 10.4.x through 10.4.2, update to a version that enforces channel conversion restrictions.

Fix

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BIT-MATTERMOST-2025-27933

CVE-2025-27933

GHSA-H5V9-XW2G-7HRQ

GO-2025-3556

OPENSUSE-SU-2025:14937-1

Affected Products

Mattermost

PT-2025-12411 · Mattermost · Mattermost

CVE-2025-27933

Weakness Enumeration

Related Identifiers

Affected Products

References · 44