PT-2025-16245 · Mattermost · Mattermost

Vultza · Published 2025-04-14 · Updated 2025-04-23 · CVE-2025-2424

CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.1; Mattermost versions 9.11.x through 9.11.9
Description: The issue allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation, as the software fails to check if a file has been deleted when creating a bookmark.
Recommendations: For versions 10.5.x through 10.5.1, update to a version later than 10.5.1 to resolve the issue. For versions 9.11.x through 9.11.9, update to a version later than 9.11.9 to resolve the issue. As a temporary workaround, consider restricting access to bookmark creation functionality until a patch is available.
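
The missing check from the description, sketched in Go as an added example; this is not Mattermost's code. The types, function names and sample store are hypothetical, and soft deletion is assumed to be recorded as a non-zero DeleteAt timestamp.

```go
package main

import (
	"errors"
	"fmt"
)

// FileInfo is a simplified, hypothetical file record; DeleteAt != 0 means soft-deleted.
type FileInfo struct {
	ID, Name       string
	Size, DeleteAt int64
}

// Bookmark echoes file metadata back to the user who created it.
type Bookmark struct {
	FileID, FileName string
	FileSize         int64
}

var ErrFileNotFound = errors.New("file not found")

// store holds constructed sample data keyed by file ID.
var store = map[string]FileInfo{
	"live1": {ID: "live1", Name: "roadmap.pdf", Size: 2048},
	"gone1": {ID: "gone1", Name: "payroll.xlsx", Size: 4096, DeleteAt: 1744588800000},
}

// createBookmarkUnchecked models the flaw: existence is checked, deletion is not.
func createBookmarkUnchecked(fileID string) (*Bookmark, error) {
	f, ok := store[fileID]
	if !ok {
		return nil, ErrFileNotFound
	}
	return &Bookmark{FileID: f.ID, FileName: f.Name, FileSize: f.Size}, nil
}

// createBookmarkChecked treats a soft-deleted file exactly like an unknown ID.
func createBookmarkChecked(fileID string) (*Bookmark, error) {
	f, ok := store[fileID]
	if !ok || f.DeleteAt != 0 {
		return nil, ErrFileNotFound
	}
	return &Bookmark{FileID: f.ID, FileName: f.Name, FileSize: f.Size}, nil
}

func main() {
	_, errU := createBookmarkUnchecked("gone1")
	_, errC := createBookmarkChecked("gone1")
	fmt.Println("deleted file: unchecked err =", errU, "| checked err =", errC)
}
```

Returning the same error for deleted and unknown IDs keeps the response from confirming that a deleted file ever existed.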

Fix

Weakness Enumeration: Incorrect Authorization

Related Identifiers

CVE-2025-2424
GHSA-WWHJ-PW6H-F8HW
GO-2025-3611
OPENSUSE-SU-2025:15017-1

Affected Products

Mattermost