Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-55074
PUBLISHED
More InfoOfficial Page
Assigner-Mattermost
Assigner Org ID-9302f53e-dde5-4bf3-b2f2-a83f91ac0eee
View Known Exploited Vulnerability (KEV) details
Published At-18 Nov, 2025 | 15:23
Updated At-18 Nov, 2025 | 21:03
Rejected At-
▼CVE Numbering Authority (CNA)
Channel member objects leak read status

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects

Affected Products
Vendor
Mattermost, Inc.Mattermost
Product
Mattermost
Default Status
unaffected
Versions
Affected
  • From 10.11.0 through 10.11.3 (semver)
  • From 10.5.0 through 10.5.11 (semver)
Unaffected
  • 11.0.0
  • 10.11.4
  • 10.5.12
Problem Types
TypeCWE IDDescription
CWECWE-1426CWE-1426: Improper Validation of Generative AI Output
Type: CWE
CWE ID: CWE-1426
Description: CWE-1426: Improper Validation of Generative AI Output
Metrics
VersionBase scoreBase severityVector
3.13.0LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 3.0
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update Mattermost to versions 11.0.0, 10.11.4, 10.5.12 or higher.

Configurations

Workarounds

Exploits

Credits

finder
Juho Forsén
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://mattermost.com/security-updates
N/A
Hyperlink: https://mattermost.com/security-updates
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found