CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-14573

Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.7%

CVSS Severity

CVSS v3 Score 3.8

References

https://mattermost.com/security-updates

Products affected by CVE-2025-14573

Mattermost » Mattermost Server » Version: 10.11.0

cpe:2.3:a:mattermost:mattermost_server:10.11.0
Mattermost » Mattermost Server » Version: 10.11.1

cpe:2.3:a:mattermost:mattermost_server:10.11.1
Mattermost » Mattermost Server » Version: 10.11.2

cpe:2.3:a:mattermost:mattermost_server:10.11.2
Mattermost » Mattermost Server » Version: 10.11.3

cpe:2.3:a:mattermost:mattermost_server:10.11.3
Mattermost » Mattermost Server » Version: 10.11.4

cpe:2.3:a:mattermost:mattermost_server:10.11.4
Mattermost » Mattermost Server » Version: 10.11.5

cpe:2.3:a:mattermost:mattermost_server:10.11.5
Mattermost » Mattermost Server » Version: 10.11.6

cpe:2.3:a:mattermost:mattermost_server:10.11.6
Mattermost » Mattermost Server » Version: 10.11.7

cpe:2.3:a:mattermost:mattermost_server:10.11.7
Mattermost » Mattermost Server » Version: 10.11.8

cpe:2.3:a:mattermost:mattermost_server:10.11.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-14573

Products

Pricing

Contact Us