Vulnerability Database

315,050

Total vulnerabilities in the database

CVE-2025-0503

Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.

Published: Feb 14, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-0503
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-754

Affected Software
References

Software	From	Fixed in
mattermost / mattermost_server	9.11.0	9.11.7

https://mattermost.com/security-updates

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo