Unrated severityNVD Advisory· Published Feb 14, 2025· Updated Feb 14, 2025

Leaked User IDs and Metadata of Deleted DMs

CVE-2025-0503

Description

Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.

Affected products

Mattermost/Mattermostv5
Range: 9.11.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

mattermost.com/security-updatesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000