CVE-2025-1412

Published: 2025-02-24T08:15Z

Last Modified: 2025-02-24T08:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt