Low severity · NVD Advisory · Published Dec 2, 2025 · Updated Dec 2, 2025

Unauthorized access and subscription vulnerability in Boards

CVE-2025-13870

Description

Mattermost versions 10.11.x <= 10.11.4 and 10.5.x <= 10.5.12 fail to validate user permissions when accessing files and subscribing to blocks in Boards, which allows an authenticated user to access files from other boards and to subscribe to blocks on boards that the user does not have access to.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 (Go) | < 8.0.0-20250905150616-ba86dfc5876b | 8.0.0-20250905150616-ba86dfc5876b |
| github.com/mattermost/mattermost (Go) | >= 10.11.0, < 10.11.5 | 10.11.5 |
| github.com/mattermost/mattermost (Go) | >= 10.5.0, < 10.5.13 | 10.5.13 |
