CVE-2025-2527

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.2 Mattermost versions 9.11.x through 9.11.11

Description: The issue is related to improper verification of a user's permissions when accessing groups. This allows an attacker to view group information via an API request.

Recommendations: For Mattermost versions 10.5.x through 10.5.2, update to a version later than 10.5.2 to resolve the issue. For Mattermost versions 9.11.x through 9.11.11, update to a version later than 9.11.11 to resolve the issue. As a temporary workaround, consider restricting access to group information via API requests until a patch is available.