Vulnerability Database
296,663
Total vulnerabilities in the database
CVE-2025-10545
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/{channel_id}/members endpoint
| Software | From | Fixed in |
|---|---|---|
github.com/mattermost/mattermost/server/v8
|
- | 8.0.0-20250820115038-ff30b84049f0 |
|
github.com/mattermost/mattermost-server
|
10.5.0 | 10.5.11 |
|
github.com/mattermost/mattermost-server
|
10.11.0 | 10.11.3 |
- https://github.com/mattermost/mattermost/commit/fb9c583f5e466a566a5122154ef337bbf2238902
- https://github.com/mattermost/mattermost/commit/ff30b84049f0193f0570d30e46cffc3602298c67
- https://github.com/mattermost/mattermost/pull/31319
- https://github.com/mattermost/mattermost/pull/33827
- https://mattermost.com/security-updates
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime