CVE-2025-4128 | Mattermost up to 9.11.13/10.5.4 /api/v4/teams/{team_id} authorization

Inserito da Angelo Barbosa | Giu 11, 2025 | CVE

A vulnerability was found in Mattermost up to 9.11.13/10.5.4 and classified as problematic. Affected by this issue is some unknown functionality of the file /api/v4/teams/{team_id}. The manipulation leads to incorrect authorization.

This vulnerability is handled as CVE-2025-4128. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-4128 | Mattermost up to 9.11.13/10.5.4 /api/v4/teams/{team_id} authorization

Post correlati

CVE-2024-53909 | Veritas Enterprise Vault up to 15.1 .NET Remoting TCP Port deserialization (ZDI-CAN-24334)

CVE-2024-6535 | Red Hat Service Interconnect 1 Skupper default credentials

CVE-2024-37439 | Uncanny Owl Uncanny Toolkit Pro for LearnDash Plugin up to 4.1.4.0 on WordPress authorization

CVE-2024-8861 | ProfileGrid Plugin up to 5.9.3.2 on WordPress cross site scripting