CVE-2025-1472

Published: 2025-03-19T15:15Z

Last Modified: 2025-03-19T15:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt