216.73.216.75

CVE-2025-32093

· Published 14/04/2025 07:15 · Modified 14/04/2025 07:15

Labels: CVE-2025-32093 2025-04-14CVE-2025-32093CWE-863[email protected]

Essential information

Published
14/04/2025 07:15
Modified
14/04/2025 07:15
Author
Creator
CVSS
4.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system administrators via improper permission validation.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mattermost / mattermost cpe:2.3:a:mattermost:mattermost:10.5.0-10.5.1:*:*:*:*:*:*:*
mattermost / mattermost cpe:2.3:a:mattermost:mattermost:10.4.0-10.4.3:*:*:*:*:*:*:*
mattermost / mattermost cpe:2.3:a:mattermost:mattermost:9.11.0-9.11.9:*:*:*:*:*:*:*

References