Unauthorized access and subscription vulnerability in Boards_CVE-2025-13870

3.1 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to

Basic Information

ID CVE-2025-13870

Source Mattermost

Published Dec 2, 2025 at 09:28

Affected Product

Vendor Mattermost

Product Mattermost

Version 10.11.0

Affected Versions Mattermost Mattermost 10.11.0
Mattermost Mattermost 10.5.0

CWE Classification

CWE-306

References

mattermost.com /security-updates

{
    "lastseen": "",
    "description": "Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to",
    "published": "2025-12-02T09:28:44.436Z",
    "modified": "2025-12-02T09:28:44.436Z",
    "type": "cve",
    "title": "Unauthorized access and subscription vulnerability in Boards",
    "source": "Mattermost",
    "references": "https://mattermost.com/security-updates",
    "id": "CVE-2025-13870",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Mattermost Mattermost 10.11.0\nMattermost Mattermost 10.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 3.1,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mattermost",
    "version": "10.11.0",
    "vendor": "Mattermost",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}