CVE-2025-22449

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22449
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22449.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22449
Aliases
Downstream
Related
Published
2025-01-09T07:15:28Z
Modified
2025-10-01T04:51:27.050126Z
Summary
[none]
Details

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public.

References

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events
Introduced
0bc2ddd42375a75ab14e63f038165150d4f07659
Fixed
51ac054df0cf662ef3fa4657df4e058a33687135

Affected versions

@mattermost/client@9.*

@mattermost/client@9.11.0

@mattermost/types@9.*

@mattermost/types@9.11.0

v9.*

v9.11.0
v9.11.0-rc3
v9.11.1
v9.11.1-rc1
v9.11.2
v9.11.2-rc1
v9.11.2-rc2
v9.11.3
v9.11.3-rc1
v9.11.3-rc2
v9.11.4
v9.11.4-rc1
v9.11.5
v9.11.5-rc1
v9.11.6-rc1
v9.11.6-rc2