PT-2025-47329 · Mattermost · Agents Plugin+1

Juho Forsén · Published 2025-11-18 · Updated 2025-12-15 · CVE-2025-55074

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.5.x through 10.5.11
Mattermost versions 10.11.x through 10.11.3

Description

The Mattermost application does not properly enforce access permissions within the Agents plugin. This allows other users to determine when users have read channels by accessing channel member objects.

Recommendations

Update Mattermost to a version later than 10.5.11.
Update Mattermost to a version later than 10.11.3.

Fix

Incorrect Default Permissions

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2025-16017
CVE-2025-55074
GHSA-9HH7-6558-QFP2
GO-2025-4133
SUSE-SU-2025:4395-1

Affected Products

Agents Plugin
Mattermost