VYPR
Moderate severity · NVD Advisory · Published Apr 14, 2025 · Updated Apr 14, 2025

System admin profile modification by delegated granular administration role

CVE-2025-32093

Description

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system administrators via improper permission validation.
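The authorization check at the heart of this advisory, as an added illustration in Go that is not Mattermost's own code: the vulnerable version validates only the actor's "Edit Other Users" permission, while the fixed version also restricts operations on a system admin to other system admins. The types, role names and permission names here are assumptions.

```go
package main

import "fmt"

// Constructed illustration of the flaw described above; the types, role names
// and permission names are assumptions, not Mattermost's own code.
type User struct{ Roles map[string]bool }

const (
	RoleSystemAdmin    = "system_admin"
	RoleDelegatedAdmin = "delegated_user_manager" // a granular admin role
	PermEditOtherUsers = "edit_other_users"
)
// rolePermissions maps each role to the permissions it grants (constructed).
var rolePermissions = map[string]map[string]bool{
	RoleSystemAdmin:    {PermEditOtherUsers: true},
	RoleDelegatedAdmin: {PermEditOtherUsers: true},
}
// HasPermission reports whether any of the user's roles grants perm.
func (u User) HasPermission(perm string) bool {
	for role := range u.Roles {
		if rolePermissions[role][perm] {
			return true
		}
	}
	return false
}

// vulnerableCanEditUser checks only the permission, so a delegated role
// with "Edit Other Users" can modify a system admin (the bug described).
func vulnerableCanEditUser(actor, target User) bool {
	return actor.HasPermission(PermEditOtherUsers)
}
// fixedCanEditUser adds the missing rule: a system admin may be modified
// only by another system admin, whatever other permissions the actor holds.
func fixedCanEditUser(actor, target User) bool {
	if !actor.HasPermission(PermEditOtherUsers) {
		return false
	}
	if target.Roles[RoleSystemAdmin] && !actor.Roles[RoleSystemAdmin] {
		return false
	}
	return true
}

func main() {
	admin := User{Roles: map[string]bool{RoleSystemAdmin: true}}
	delegated := User{Roles: map[string]bool{RoleDelegatedAdmin: true}}
	fmt.Println(vulnerableCanEditUser(delegated, admin), fixedCanEditUser(delegated, admin)) // true false
}
```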

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                      Ecosystem   Affected versions                       Patched versions
github.com/mattermost/mattermost-server      Go          >= 10.5.0, < 10.5.2                     10.5.2
github.com/mattermost/mattermost-server      Go          >= 10.4.0, < 10.4.4                     10.4.4
github.com/mattermost/mattermost-server      Go          >= 9.11.0, < 9.11.10                    9.11.10
github.com/mattermost/mattermost/server/v8   Go          >= 10.5.0, < 10.5.2                     10.5.2
github.com/mattermost/mattermost/server/v8   Go          >= 10.4.0, < 10.4.4                     10.4.4
github.com/mattermost/mattermost/server/v8   Go          >= 9.11.0, < 9.11.10                    9.11.10
github.com/mattermost/mattermost/server/v8   Go          < 8.0.0-20250227102013-aa4623a93199     8.0.0-20250227102013-aa4623a93199
