CVE-2025-6226

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-6226

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6226.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6226

Aliases

Downstream

openSUSE-SU-2025:15405-1

Related

openSUSE-SU-2025:15405-1

Published

2025-07-18T09:15:26.993Z

Modified

2026-03-23T05:32:08.035872Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Mattermost versions 10.5.x <= 10.5.6, 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 9.11.x <= 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of recently created posts.

References

https://mattermost.com/security-updates

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type

GIT

Repo

https://github.com/mattermost/mattermost-server

Events

Introduced

0bc2ddd42375a75ab14e63f038165150d4f07659

Fixed

8f8612c63783eff8188330973e4f533b323b4e32

Introduced

58bd34fd34cbd7d3da777d627b6cffdf8a532930

Fixed

341d662939e9482c7701d9fd35b066e5eabbc5a5

Introduced

f6b324a9d71843e8f48eba9e90dfbeabcbac1ae7

Fixed

dca75cc154561525603434721b5db1c48b5cdd6d

Introduced

bb105f3a2785636ad53b2d0bf4027900d41f6a67

Fixed

c2330fb5058d9a15d4d16eaf2c282ae61d45788c

Database specific

{
    "versions": [
        {
            "introduced": "9.11.0"
        },
        {
            "fixed": "9.11.17"
        },
        {
            "introduced": "10.5.0"
        },
        {
            "fixed": "10.5.7"
        },
        {
            "introduced": "10.7.0"
        },
        {
            "fixed": "10.7.4"
        },
        {
            "introduced": "10.8.0"
        },
        {
            "fixed": "10.8.2"
        }
    ]
}

Affected versions

@mattermost/client@10.*

@mattermost/client@10.5.0

@mattermost/client@10.7.0

@mattermost/client@10.8.0

@mattermost/client@9.*

@mattermost/client@9.11.0

@mattermost/types@10.*

@mattermost/types@10.5.0

@mattermost/types@10.7.0

@mattermost/types@10.8.0

@mattermost/types@9.*

@mattermost/types@9.11.0

mattermost-redux@10.*

mattermost-redux@10.7.0

mattermost-redux@10.8.0

v10.*

v10.5.0

v10.5.0-rc6

v10.5.1

v10.5.1-rc1

v10.5.1-rc2

v10.5.2

v10.5.3

v10.5.3-rc1

v10.5.4

v10.5.4-rc1

v10.5.4-rc2

v10.5.5

v10.5.5-rc1

v10.5.6

v10.5.6-rc1

v10.7.0

v10.7.0-rc2

v10.7.1

v10.7.2

v10.7.2-rc1

v10.7.3

v10.7.3-rc1

v10.7.4-rc1

v10.8.0

v10.8.0-rc3

v10.8.1

v9.*

v9.11.0

v9.11.0-rc3

v9.11.1

v9.11.1-rc1

v9.11.10

v9.11.10-rc1

v9.11.11

v9.11.11-rc1

v9.11.12

v9.11.12-rc1

v9.11.13

v9.11.13-rc1

v9.11.14

v9.11.15

v9.11.16

v9.11.16-rc1

v9.11.17-rc1

v9.11.2

v9.11.2-rc1

v9.11.2-rc2

v9.11.3

v9.11.3-rc1

v9.11.3-rc2

v9.11.4

v9.11.4-rc1

v9.11.5

v9.11.5-rc1

v9.11.6

v9.11.6-rc1

v9.11.6-rc2

v9.11.7

v9.11.7-rc1

v9.11.7-rc2

v9.11.7-rc3

v9.11.8

v9.11.9

v9.11.9-rc1

v9.11.9-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6226.json"