Vulnerabilities > CVE-2025-27715 - Incorrect Authorization vulnerability in Mattermost Server

047910
CVSS 2.7 - LOW
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
mattermost
CWE-863
NVD
Published: 2025-03-21
Updated: 2025-03-27

Summary

Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.

Vulnerable Configurations

Part Description Count
Application
Mattermost
23

Common Weakness Enumeration (CWE)

References