Platform: go
Component: github.com/mattermost/mattermost
Fixed in: 10.11.5, 10.5.13, 8.0.0-20250905150616-ba86dfc5876b, 10.5.13+incompatible
CVE-2025-13870 describes a permission bypass vulnerability within the Boards feature of Mattermost. This flaw allows an attacker to circumvent user authorization checks, potentially granting them unauthorized access to sensitive board data and functionalities. The vulnerability impacts versions of Mattermost prior to 10.5.13+incompatible, and a patch is available in that version.
Successful exploitation of CVE-2025-13870 could allow an attacker to gain unauthorized access to Mattermost Boards. This could manifest as the ability to view, modify, or delete board data, tasks, and related information without proper authorization. Depending on the board's configuration and the permissions assigned to users, the impact could range from limited access to a specific board to broader control over multiple boards and associated data. The potential for data breaches and disruption of workflows exists if an attacker can manipulate board content or user roles.
CVE-2025-13870 has a LOW CVSS score, indicating a lower probability of exploitation. As of the publication date (2025-12-08), there are no publicly known proof-of-concept exploits. The vulnerability is not currently listed on KEV or EPSS, suggesting no immediate active campaigns are known. Monitor security advisories and Mattermost's official channels for updates.
Exploit status:
EPSS: 0.04% (12th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-13870 is to upgrade Mattermost to version 10.5.13+incompatible or later. If an immediate upgrade is not feasible, consider implementing stricter access controls within Mattermost Boards to limit the potential impact of unauthorized access. Review and audit existing board permissions to ensure they are appropriately configured. While a direct workaround is not available, regularly monitoring Mattermost logs for suspicious activity related to board access and modifications can help detect potential exploitation attempts.
Update Mattermost to the latest available version. Affected versions allow unauthorized access to files and subscriptions in Boards. For further details and specific update instructions, see the Mattermost security announcement.
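A defender's first check is whether a Go project even pulls in an affected release. The following is an added example, not code from this page or from Mattermost: it reads a go.mod, finds the github.com/mattermost/mattermost requirement, and compares it against the fixed releases listed above. It assumes that a version on the 10.5 or 10.11 line is fixed once it reaches that line's listed fix, that any other version is fixed only from 10.11.5 on, and that pseudo-versions (timestamp-hash) need manual review; the sample go.mod is constructed.

```python
import re

# Module path and fixed releases as listed on this advisory page.
MODULE = "github.com/mattermost/mattermost"
# Per-minor-line fixes; the trailing 1 marks a final release (0 = pre-release).
FIXED = {(10, 5): (10, 5, 13, 1), (10, 11): (10, 11, 5, 1)}
LATEST_FIX = max(FIXED.values())

SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?(\+incompatible)?$")
PSEUDO = re.compile(r"-\d{14}-[0-9a-f]{12}(\+incompatible)?$")


def parse_version(text):
    """Return (major, minor, patch, final) or None for pseudo/unparsable versions."""
    if PSEUDO.search(text):
        return None  # assumption: pseudo-versions are left for manual review
    m = SEMVER.match(text)
    if not m:
        return None
    major, minor, patch, prerelease, _ = m.groups()
    # A pre-release (e.g. -rc1) sorts below the final release of the same number.
    return (int(major), int(minor), int(patch), 0 if prerelease else 1)


def is_affected(version_text):
    """True if affected, False if fixed, None if the version needs manual review."""
    v = parse_version(version_text)
    if v is None:
        return None
    branch_fix = FIXED.get(v[:2])
    if branch_fix is not None:
        return v < branch_fix
    return v < LATEST_FIX  # assumption: other lines are fixed only from 10.11.5


def required_version(go_mod_text, module=MODULE):
    """Return the version required for `module` (single-line or block require)."""
    for line in go_mod_text.splitlines():
        line = line.split("//")[0].strip()  # drop trailing comments
        if line.startswith("require "):
            line = line[len("require "):].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == module:
            return parts[1]
    return None


# Constructed sample go.mod; the second require line must not match MODULE.
SAMPLE_GO_MOD = """module example.com/app

go 1.22

require (
\tgithub.com/mattermost/mattermost v10.5.12+incompatible // constructed sample
\tgithub.com/mattermost/mattermost/server/v8 v0.0.0-20250101000000-0123456789ab
)
"""
```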
CVE-2025-13870 is a LOW severity vulnerability in Mattermost Boards that allows attackers to bypass user permission checks, potentially gaining unauthorized access to board data.
You are affected if you are running Mattermost versions prior to 10.5.13+incompatible and utilize the Boards feature.
Upgrade Mattermost to version 10.5.13+incompatible or later to remediate the vulnerability. Review and tighten board access controls as a temporary measure.
As of the publication date, there are no publicly known proof-of-concept exploits or active campaigns targeting CVE-2025-13870.
Refer to the official Mattermost security advisory on their website or security announcement channels for the most up-to-date information.