Platform: go
Component: github.com/mattermost/mattermost
Fixed versions:
10.11.5
10.5.13
8.0.0-20250905150616-ba86dfc5876b
10.5.13+incompatible
10.5.13+incompatible
CVE-2025-13870 describes a permission bypass vulnerability within the Boards feature of Mattermost. This flaw allows an attacker to circumvent user authorization checks, potentially granting them unauthorized access to sensitive board data and functionalities. The vulnerability impacts versions of Mattermost prior to 10.5.13+incompatible, and a patch is available in that version.
Successful exploitation of CVE-2025-13870 could allow an attacker to gain unauthorized access to Mattermost Boards. This could manifest as the ability to view, modify, or delete board data, tasks, and related information without proper authorization. Depending on the board's configuration and the permissions assigned to users, the impact could range from limited access to a specific board to broader control over multiple boards and associated data. The potential for data breaches and disruption of workflows exists if an attacker can manipulate board content or user roles.
CVE-2025-13870 has a LOW CVSS score, indicating a lower probability of exploitation. As of the publication date (2025-12-08), there are no publicly known proof-of-concept exploits. The vulnerability is not currently listed on KEV or EPSS, suggesting no immediate active campaigns are known. Monitor security advisories and Mattermost's official channels for updates.
Exploitation status
EPSS: 0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13870 is to upgrade Mattermost to version 10.5.13+incompatible or later. If an immediate upgrade is not feasible, consider implementing stricter access controls within Mattermost Boards to limit the potential impact of unauthorized access. Review and audit existing board permissions to ensure they are appropriately configured. While a direct workaround is not available, regularly monitoring Mattermost logs for suspicious activity related to board access and modifications can help detect potential exploitation attempts.
Upgrade Mattermost to the latest available version. Affected versions allow unauthorized access to files and subscriptions in Boards. See the Mattermost security advisory for further details and specific upgrade instructions.
CVE-2025-13870 is a LOW severity vulnerability in Mattermost Boards that allows attackers to bypass user permission checks, potentially gaining unauthorized access to board data.
You are affected if you are running Mattermost versions prior to 10.5.13+incompatible and utilize the Boards feature.
Upgrade Mattermost to version 10.5.13+incompatible or later to remediate the vulnerability. Review and tighten board access controls as a temporary measure.
As of the publication date, there are no publicly known proof-of-concept exploits or active campaigns targeting CVE-2025-13870.
Refer to the official Mattermost security advisory on their website or security announcement channels for the most up-to-date information.