CVE-2025-9076
Mattermost Server exposes sensitive user credentials during shared channel membership synchronization
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
15 set 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Produtos afetados
Mattermost · MattermostQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://mattermost.com/security-updates