| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-4981 | Path Traversal Leading to RCE by Any Authenticated Mattermost User | Mattermost | Mattermost | Critical | 9.9 | 2025-06-20 10:27:13 | Deep Dive |
| CVE-2025-4128 | Mattermost Guest User Information Disclosure Vulnerability | Mattermost | Mattermost | Low | 3.1 | 2025-06-11 10:25:05 | Deep Dive |
| CVE-2025-4573 | LDAP Injection in Mattermost Enterprise Edition When Using Active Directory | Mattermost | Mattermost | Medium | 4.1 | 2025-06-11 10:22:24 | Deep Dive |
| CVE-2025-3611 | Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions | Mattermost | Mattermost | Low | 3.1 | 2025-05-30 14:22:10 | Deep Dive |
| CVE-2025-3230 | Bypass of System Admin User Deactivation Controls for Personal Access Tokens in Mattermost Server | Mattermost | Mattermost | Medium | 5.4 | 2025-05-30 14:22:09 | Deep Dive |
| CVE-2025-2571 | Google OAuth Authentication Bypass for Converted Bot Accounts | Mattermost | Mattermost | Medium | 4.2 | 2025-05-30 14:22:09 | Deep Dive |
| CVE-2025-1792 | Improper Access Control in Mattermost Channel Member API | Mattermost | Mattermost | Low | 3.1 | 2025-05-30 14:22:08 | Deep Dive |
| CVE-2025-3913 | Team Privacy Settings Authorization Bypass in Mattermost Server | Mattermost | Mattermost | Medium | 5.3 | 2025-05-29 15:10:37 | Deep Dive |
| CVE-2025-2570 | System Admin Cannot Access Environment settings in System Console While System Manager Can | Mattermost | Mattermost | Low | 2.7 | 2025-05-15 15:27:50 | Deep Dive |
| CVE-2025-2527 | Improper access control to group information | Mattermost | Mattermost | Medium | 4.3 | 2025-05-15 15:27:50 | Deep Dive |
| CVE-2025-3446 | Members Without Guest Invite Permissions Can Add Guests to Teams | Mattermost | Mattermost | Medium | 4.3 | 2025-05-15 10:43:47 | Deep Dive |
| CVE-2025-31947 | Repeated LDAP login failures can lock an LDAP account | Mattermost | Mattermost | Medium | 5.8 | 2025-05-15 10:41:42 | Deep Dive |
| CVE-2025-41423 | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin | Mattermost | Mattermost | Low | 3.1 | 2025-04-24 06:50:12 | Deep Dive |
| CVE-2025-35965 | DoS in Mattermost Playbooks via Excessive Task Actions | Mattermost | Mattermost | Medium | 6.5 | 2025-04-24 06:49:23 | Deep Dive |
| CVE-2025-41395 | Webapp DoS via malicious retrospective post in Playbooks | Mattermost | Mattermost | Medium | 6.5 | 2025-04-24 06:48:31 | Deep Dive |
| CVE-2025-2564 | Unauthorized View Access to Archived Channel Member Info | Mattermost | Mattermost | Medium | 4.3 | 2025-04-16 16:12:15 | Deep Dive |
| CVE-2025-27936 | Webhook Secret Exposure via Timing attack in MSteams plugin | Mattermost | Mattermost | Medium | 5.3 | 2025-04-16 09:14:55 | Deep Dive |
| CVE-2025-31363 | Data exfiltration via AI plugin Jira tool | Mattermost | Mattermost | Low | 3.0 | 2025-04-16 09:14:16 | Deep Dive |
| CVE-2025-27571 | Channel metadata visible in archived channels despite configuration setting | Mattermost | Mattermost | Medium | 4.3 | 2025-04-16 07:45:59 | Deep Dive |
| CVE-2025-27538 | MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users | Mattermost | Mattermost | Low | 2.2 | 2025-04-16 07:45:01 | Deep Dive |