What the vulnerability does
01Description
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts
CVE-2025-49810
LOW
CVE-2025-49810: Thread summarization allows persistent access to channel
CVSS base score
3.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
August 21, 2025
CVE published
August 21, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-23329 changedetection.io API endpoint is not secured with API token
CVE-2025-47382 Incorrect Authorization in Boot
CVE-2025-4975 Tapo privilege escalation on shared devices using notifications
CVE-2017-2599
CVE-2024-39690 Capsule tenant owner with "patch namespace" permission can hijack system namespaces
