CVE-2025-32093

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.1 Mattermost versions 10.4.x through 10.4.3 Mattermost versions 9.11.x through 9.11.9

Description: The issue arises from the failure to restrict certain operations on system admins to only other system admins. This allows delegated granular administration users with the Edit Other Users permission to perform unauthorized modifications to system administrators via improper permission validation.

Recommendations: For Mattermost versions 10.5.x through 10.5.1, update to a version that properly restricts operations on system admins. For Mattermost versions 10.4.x through 10.4.3, update to a version that properly restricts operations on system admins. For Mattermost versions 9.11.x through 9.11.9, update to a version that properly restricts operations on system admins. As a temporary workaround, consider restricting the Edit Other Users permission to prevent unauthorized modifications to system administrators.