CVE-2025-12756

| EUVD-2025-200087 MEDIUM
2025-12-01 [email protected] GHSA-p6gj-jc38-x2m7
4.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 13:34 euvd
EUVD-2025-200087
Analysis Generated
Mar 15, 2026 - 13:34 vuln.today
CVE Published
Dec 01, 2025 - 20:15 nvd
MEDIUM 4.3

Tags

Authentication Bypass Debian Mattermost Server Suse

Description

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.

Analysis

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.

Technical Context

This vulnerability is classified as Incorrect Authorization (CWE-863).

Affected Products

Affected products: Mattermost Mattermost Server

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

22
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +22
POC: 0

Vendor Status

Debian

Bug #823556
mattermost-server
Release Status Fixed Version Urgency
open - -

Share

CVE-2025-12756 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy