CVE-2025-41436 LOW

CVE-2025-41436: Unauthorized access to archived channel content via threads interface

Vendor Mattermost
Product Mattermost
Weakness CWE-863 · Incorrect authorization
Published November 14, 2025
Last update November 14, 2025

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads

Key dates

02Disclosure timeline

November 14, 2025 CVE published
November 14, 2025 Record updated