PT-2025-46946 · Mattermost · Mattermost

Bharat · Published 2025-03-17 · Updated 2025-11-18 · CVE-2025-41436

CVSS v3.1: 4.3 Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Name of the Vulnerable Software and Affected Versions

Mattermost versions prior to 11.0

Description

Mattermost fails to correctly implement the "Allow users to view archived channels" setting. This allows regular users to access content and files within archived channels through the "Open in Channel" feature when accessing followed threads.

Recommendations

Update to version 11.0 or later.

Fix

Incorrect Authorization

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-16016
CVE-2025-41436
GHSA-X3HX-CH7P-8XGG
GO-2025-4131

Affected Products

Mattermost