CVE-2025-0503

Common Vulnerabilities and Exposures

Last Post by kajal 22 hours ago

1 Posts

1 Users

0 Reactions

12 Views

RSS

kajal

(@kajal)

Posts: 379

Reputable Member

Topic starter

Description

Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.

References

https://mattermost.com/security-updates

https://nvd.nist.gov/vuln/detail/CVE-2025-05035

Posted : 21/02/2026 4:18 am

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed