CVE-2025-1412 Information

Description

Mattermost versions 9.11.x <= 9.11.6 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot with allows the converted user to escalate their privileges depending on the permissions granted to the bot.

Reference

https://mattermost.com/security-updates