CVE-2025-22449 Information

Description

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions which allows team admins with no permission to invite users to their team to invite users by updating the llow_open_invite\ field via making their team public.

Reference

https://mattermost.com/security-updates