CVE-2025-0503
CVSS 3.1 Score 3.1 of 10 (low)
Details
Published Feb 14, 2025
CWE ID 754
Summary
CVE-2025-0503 is a vulnerability affecting Mattermost versions 9.11.x up to 9.11.6. This issue allows attackers to infer user IDs and other metadata from deleted direct messages (DMs) through the deleted channels endpoint. The vulnerability occurs because the software fails to filter out DMs from the endpoint, enabling an attacker to access information that should have been deleted manually in the database. This can potentially lead to privacy breaches for users of the affected Mattermost instances.
Affected Products
- Mattermost Server
Affected Vendors
- Mattermost, Inc.