216.73.217.86

CVE-2025-0503

· Published 14/02/2025 18:15 · Modified 14/02/2025 18:15

Labels: CVE-2025-0503 2025-02-14CVE-2025-0503CWE-754[email protected]

Essential information

Published
14/02/2025 18:15
Modified
14/02/2025 18:15
Author
Creator
CVSS
3.1 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References