Platform: go
Component: github.com/mattermost/mattermost
Fixed in: 10.11.5, 10.5.13, 8.0.0-20250905150616-ba86dfc5876b, 10.5.13+incompatible
CVE-2025-13870 describes a permission bypass vulnerability within the Boards feature of Mattermost. This flaw allows an attacker to circumvent user authorization checks, potentially granting them unauthorized access to sensitive board data and functionalities. The vulnerability impacts versions of Mattermost prior to 10.5.13+incompatible, and a patch is available in that version.
Successful exploitation of CVE-2025-13870 could allow an attacker to gain unauthorized access to Mattermost Boards. This could manifest as the ability to view, modify, or delete board data, tasks, and related information without proper authorization. Depending on the board's configuration and the permissions assigned to users, the impact could range from limited access to a specific board to broader control over multiple boards and associated data. The potential for data breaches and disruption of workflows exists if an attacker can manipulate board content or user roles.
CVE-2025-13870 has a LOW CVSS score, indicating a lower probability of exploitation. As of the publication date (2025-12-08), there are no publicly known proof-of-concept exploits. The vulnerability is not currently listed on KEV or EPSS, suggesting no immediate active campaigns are known. Monitor security advisories and Mattermost's official channels for updates.
Exploit Status
EPSS: 0.04% (12th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-13870 is to upgrade Mattermost to version 10.5.13+incompatible or later. If an immediate upgrade is not feasible, consider implementing stricter access controls within Mattermost Boards to limit the potential impact of unauthorized access. Review and audit existing board permissions to ensure they are appropriately configured. While a direct workaround is not available, regularly monitoring Mattermost logs for suspicious activity related to board access and modifications can help detect potential exploitation attempts.
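To check a dependency pin offline against the fixed versions listed above, here is an added Go example (not from the advisory and not Mattermost's own code). It compares a module version from go.mod with the 10.5.13, 10.11.5 and 8.0.0-20250905150616 fix points; the treatment of 10.6.x to 10.10.x as affected (no fix is listed for them) and the sample go.mod are assumptions.

```go
// Added example, not from the advisory page: offline check of the module
// version in a go.mod against the fixed versions listed for CVE-2025-13870.
package main

import (
	"fmt"
	"strings"
)

// Commit timestamp of the listed fix pseudo-version (8.0.0-20250905150616-ba86dfc5876b).
const fixedPseudoTime = "20250905150616"

// Affected reports whether a github.com/mattermost/mattermost version predates the fix
// (ok=false if unparseable). Assumption: 10.6.x to 10.10.x have no listed fix and count as affected.
func Affected(version string) (affected, ok bool) {
	v := strings.TrimSuffix(strings.TrimPrefix(version, "v"), "+incompatible")
	core, suffix, _ := strings.Cut(v, "-")
	var n [3]int
	if k, err := fmt.Sscanf(core, "%d.%d.%d", &n[0], &n[1], &n[2]); err != nil || k != 3 {
		return false, false
	}
	// Pseudo-version (v8.0.0-<timestamp>-<hash>): compare the 14-digit commit timestamp.
	if ts, _, found := strings.Cut(suffix, "-"); found {
		if ts = ts[strings.LastIndex(ts, ".")+1:]; len(ts) == 14 {
			return ts < fixedPseudoTime, true
		}
	}
	switch {
	case n[0] > 10, n[0] == 10 && n[1] > 11: // past the 10.11.5 fix line
		return false, true
	case n[0] == 10 && n[1] == 11:
		return n[2] < 5, true
	case n[0] == 10 && n[1] == 5:
		return n[2] < 13, true
	default: // older than 10.5, or a 10.6 to 10.10 release without a listed fix
		return true, true
	}
}

// CheckGoMod returns the first mattermost require version found in go.mod
// text ("" if absent) and whether that version is affected.
func CheckGoMod(gomod string) (version string, affected bool) {
	const component = "github.com/mattermost/mattermost"
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && (f[0] == component || strings.HasPrefix(f[0], component+"/")) {
			affected, _ = Affected(f[1])
			return f[1], affected
		}
	}
	return "", false
}
```

Feed CheckGoMod the text of your go.mod; a pre-release tag without a timestamp (for example v9.0.0-rc1) is compared as its numeric core.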
Update Mattermost to the latest available version. Affected versions allow unauthorized access to files and subscriptions in Boards. Consult the Mattermost security announcement for more details and specific upgrade instructions.
CVE-2025-13870 is a LOW severity vulnerability in Mattermost Boards that allows attackers to bypass user permission checks, potentially gaining unauthorized access to board data.
You are affected if you are running Mattermost versions prior to 10.5.13+incompatible and utilize the Boards feature.
Upgrade Mattermost to version 10.5.13+incompatible or later to remediate the vulnerability. Review and tighten board access controls as a temporary measure.
As of the publication date, there are no publicly known proof-of-concept exploits or active campaigns targeting CVE-2025-13870.
Refer to the official Mattermost security advisory on their website or security announcement channels for the most up-to-date information.