CVE-2025-14573

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-14573

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14573.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-14573

Aliases

GHSA-cgjg-p2m2-qm4p
GO-2026-4523

Downstream

SUSE-SU-2026:0757-1

Related

SUSE-SU-2026:0757-1

Published

2026-02-16T13:16:00.623Z

Modified

2026-03-04T22:29:03.586288Z

Severity

2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

5b955468ea1ea8b56c0fb10feb258a36a767d7bb

Fixed

ba27ba1f8cb1ffe2b1a79dc3d15a3ffa7de12fd7

Affected versions

@mattermost/client@10.*

@mattermost/client@10.11.0

@mattermost/types@10.*

@mattermost/types@10.11.0

mattermost-redux@10.*

mattermost-redux@10.11.0

v10.*

v10.11.0

v10.11.0-rc3

v10.11.1

v10.11.1-rc1

v10.11.2

v10.11.2-rc1

v10.11.2-rc2

v10.11.3

v10.11.4

v10.11.4-rc1

v10.11.4-rc2

v10.11.4-rc3

v10.11.5

v10.11.6

v10.11.7

v10.11.8

v10.11.9

v10.11.9-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14573.json"