CVE-2025-24866 Information

Description

Mattermost versions 9.11.x <= 9.11.8  fail to enforce proper access controls on the /api/v4/audits endpoint allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.

Reference

https://mattermost.com/security-updates