Unauthorized access to archived channel content via threads interface

3.1 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads

Basic Information

ID CVE-2025-41436

Source Mattermost

Published Nov 14, 2025 at 08:00

Affected Product

Vendor Mattermost

Product Mattermost

Version <11.0

Affected Versions Mattermost Mattermost <11.0

CWE Classification

CWE-863

References

mattermost.com /security-updates

{
    "lastseen": "",
    "description": "Mattermost versions <11.0 fail to properly enforce the \"Allow users to view archived channels\" setting which allows regular users to access archived channel content and files via the \"Open in Channel\" functionality from followed threads",
    "published": "2025-11-14T08:00:42.467Z",
    "modified": "2025-11-14T08:00:42.467Z",
    "type": "cve",
    "title": "Unauthorized access to archived channel content via threads interface",
    "source": "Mattermost",
    "references": "https://mattermost.com/security-updates",
    "id": "CVE-2025-41436",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Mattermost Mattermost <11.0",
    "sourceHref": "",
    "cvss": {
        "score": 3.1,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mattermost",
    "version": "<11.0",
    "vendor": "Mattermost",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unauthorized access to archived channel content via threads interface_CVE-2025-41436