CNNVD-202509-3168 Information

CNNVD ID

CNNVD-202509-3168

Related CVE

CVE-2025-9081

• CNNVD Published: 2025-09-21

Description (Chinese)

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.8及之前的10.5.x版本和9.11.17及之前的9.11.x版本存在安全漏洞，该漏洞源于访问控制验证不足，可能导致经过身份验证的用户通过UUID枚举下载敏感文件。

Description (English)

Mattermost is an open-source collaborative platform for Mattermost in the United States. There is a security loophole in Mettermost 10.5.8 and earlier versions 10.5.x and 9.11.17 and earlier versions 9.11.x, which stems from inadequate access control verification, which may lead to users with authentication to download sensitive documents via UUID.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Matthias Van Woensel

Published

2025-09-21

Last Modified

2026-02-24

References

https://mattermost.com/security-updates https://access.redhat.com/security/cve/cve-2025-9081

Patch

https://mattermost.com/security-updates/