CVE-2025-27571

Name of the Vulnerable Software and Affected Versions Mattermost versions 9.11.x through 9.11.9 Mattermost versions 10.4.x through 10.4.3 Mattermost versions 10.5.x through 10.5.1

Description The issue arises from the failure to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels. This allows authenticated users to access such information when a channel is archived.

Recommendations For versions 9.11.x through 9.11.9, update the configuration to properly enforce the "Allow Users to View Archived Channels" setting. For versions 10.4.x through 10.4.3, ensure that the channel metadata access is restricted based on the "Allow Users to View Archived Channels" configuration. For versions 10.5.x through 10.5.1, modify the channel metadata fetching process to account for the "Allow Users to View Archived Channels" setting, preventing unauthorized access to archived channel information.