CVE-2025-3228 Information

Description

Mattermost versions 10.5.x <= 10.5.5 9.11.x <= 9.11.15 10.8.x <= 10.8.0 10.7.x <= 10.7.2 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

Reference

https://mattermost.com/security-updates