CVE-2025-9076 - Vulnerability Details - OpenCVE

Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Mattermost	Mattermost

No data.

No data.

References

Link	Providers
https://mattermost.com/security-updates

History

Wed, 17 Sep 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mattermost Mattermost mattermost
Vendors & Products		Mattermost Mattermost mattermost

Mon, 15 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 15 Sep 2025 10:15:00 +0000

Type	Values Removed	Values Added
Description		Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.
Title		Mattermost Server exposes sensitive user credentials during shared channel membership synchronization
Weaknesses		CWE-862
References		https://mattermost.com/security-updates
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2025-09-15T10:06:15.094Z

Updated: 2025-09-15T14:05:16.235Z

Reserved: 2025-08-15T15:26:17.148Z

Link: CVE-2025-9076

Vulnrichment

Updated: 2025-09-15T14:05:11.941Z

NVD

Status : Awaiting Analysis

Published: 2025-09-15T10:15:32.450

Modified: 2025-09-15T15:21:42.937

Link: CVE-2025-9076

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9076", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2025-08-15T15:26:17.148Z", "datePublished": "2025-09-15T10:06:15.094Z", "dateUpdated": "2025-09-15T14:05:16.235Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.10.1", "status": "affected", "version": "10.10.0", "versionType": "semver"}, {"version": "10.11.0", "status": "unaffected"}, {"version": "10.10.2", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "daw10"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled."}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseSeverity": "MEDIUM", "baseScore": 6.5}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862: Missing Authorization", "cweId": "CWE-862"}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"value": "Update Mattermost to versions 10.11.0, 10.10.2 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00513", "defect": ["https://mattermost.atlassian.net/browse/MM-64926"], "discovery": "EXTERNAL"}, "title": "Mattermost Server exposes sensitive user credentials during shared channel membership synchronization", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-09-15T10:06:15.094Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-15T14:05:07.348669Z", "id": "CVE-2025-9076", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T14:05:16.235Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9076", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-15T14:05:07.348669Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T14:05:11.941Z"}}], "cna": {"title": "Mattermost Server exposes sensitive user credentials during shared channel membership synchronization", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-64926"], "advisory": "MMSA-2025-00513", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "daw10"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "10.10.0", "versionType": "semver", "lessThanOrEqual": "10.10.1"}, {"status": "unaffected", "version": "10.11.0"}, {"status": "unaffected", "version": "10.10.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 10.11.0, 10.10.2 or higher."}], "references": [{"url": "https://mattermost.com/security-updates"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-09-15T10:06:15.094Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9076", "state": "PUBLISHED", "dateUpdated": "2025-09-15T14:05:16.235Z", "dateReserved": "2025-08-15T15:26:17.148Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2025-09-15T10:06:15.094Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}