CVE-2025-47871 in Mattermost
Summary
by MITRE • 06/30/2025
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint.
Analysis
by VulDB Data Team • 07/01/2025
This vulnerability exists in Mattermost server versions across multiple release branches including 10.5.x through 10.5.5, 9.11.x through 9.11.15, 10.8.x through 10.8.0, 10.7.x through 10.7.2, and 10.6.x through 10.6.5. The flaw stems from inadequate validation of channel membership permissions within the playbook run metadata retrieval functionality, creating an authorization bypass that allows malicious actors to access sensitive channel information. The vulnerability specifically affects the run metadata API endpoint which is designed to provide information about playbook executions and their associated channel links. When users attempt to access this metadata, the system fails to properly verify that the requesting user has legitimate membership in the referenced channels before exposing channel attributes.
The technical root cause is a missing access control check during metadata retrieval. When a playbook run is queried, the server should confirm that the authenticated user is a member of the linked channel before disclosing channel details such as channel name, display name, and participant count. The affected implementation returns this information to any playbook member regardless of channel membership, so the endpoint leaks channel attributes. This is a violation of the principle of least privilege and a failure of the authorization logic that governs access to channel resources. The vulnerability can be classified under CWE-285, which deals with improper authorization, and aligns with ATT&CK technique T1078.101 for Valid Accounts and T1566.002 for Phishing: Spearphishing Attachments, as unauthorized access to channel information could facilitate further social engineering attacks.
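The missing check described above, as an added illustration in Go (the language of the Mattermost server and Playbooks plugin) that is not the project's own code: a constructed in-memory model in which RunMetadataVulnerable gates the linked channel's attributes on playbook membership alone, while RunMetadataFixed also requires membership in the linked channel and otherwise returns nothing about it. The types, field names and fixture data are assumptions for illustration.

```go
package main

import "errors"
// Constructed in-memory model for illustration; not the Playbooks plugin's real types.
type Channel struct {
	Name, DisplayName string
	Members           map[string]bool // userID -> is member
}
type Store struct {
	Channels        map[string]*Channel
	RunChannel      map[string]string          // runID -> linked channelID
	RunPlaybook     map[string]string          // runID -> playbookID
	PlaybookMembers map[string]map[string]bool // playbookID -> userID -> is member
}
type RunMetadata struct {
	ChannelName, ChannelDisplayName string
	ParticipantCount                int
}
var ErrForbidden = errors.New("forbidden")

// Vulnerable pattern: playbook membership alone gates the linked channel's attributes.
func (s *Store) RunMetadataVulnerable(userID, runID string) (*RunMetadata, error) {
	if !s.PlaybookMembers[s.RunPlaybook[runID]][userID] {
		return nil, ErrForbidden
	}
	ch := s.Channels[s.RunChannel[runID]]
	return &RunMetadata{ch.Name, ch.DisplayName, len(ch.Members)}, nil
}

// Hardened: the caller must also be a member of the linked channel, or nothing about it is returned.
func (s *Store) RunMetadataFixed(userID, runID string) (*RunMetadata, error) {
	if !s.PlaybookMembers[s.RunPlaybook[runID]][userID] {
		return nil, ErrForbidden
	}
	ch := s.Channels[s.RunChannel[runID]]
	if !ch.Members[userID] {
		return nil, ErrForbidden
	}
	return &RunMetadata{ch.Name, ch.DisplayName, len(ch.Members)}, nil
}

// SampleStore is a constructed fixture: "alice" is in the playbook but not in the private channel.
func SampleStore() *Store {
	return &Store{
		Channels:        map[string]*Channel{"ch1": {"secret-project", "Secret Project", map[string]bool{"bob": true, "carol": true}}},
		RunChannel:      map[string]string{"run1": "ch1"},
		RunPlaybook:     map[string]string{"run1": "pb1"},
		PlaybookMembers: map[string]map[string]bool{"pb1": {"alice": true, "bob": true}},
	}
}
```

With this fixture the vulnerable path hands "alice" the private channel's name, display name and a participant count of 2, while the hardened path refuses her and still serves "bob", who is a member of both the playbook and the channel.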
The operational impact of this vulnerability is significant for organizations using Mattermost for collaboration and communication. Attackers who are members of playbooks but not channel members can potentially gather intelligence about private channel structures, membership patterns, and communication volumes without proper authorization. This information leakage could enable adversaries to plan targeted attacks, identify high-value channels for compromise, or map organizational communication flows. The exposure of participant counts specifically could reveal organizational size, activity levels, or sensitive project team compositions. Organizations relying on Mattermost for sensitive communications or compliance environments face particular risk, as the disclosure of channel metadata could violate data protection regulations and compromise security posture. The vulnerability affects both public and private channel types, making it particularly concerning for enterprises that maintain strict access controls.
Organizations should immediately implement mitigations including upgrading to patched versions of Mattermost where available, as the vulnerability has been addressed in subsequent releases. Until upgrades are possible, administrators should consider implementing additional access controls at the network level to restrict access to the playbook run metadata endpoints. The system should be configured to enforce stricter channel membership validation for all playbook-related operations. Security monitoring should be enhanced to detect unusual access patterns to metadata endpoints, particularly from users who are playbook members but not channel members. Regular audits of playbook membership assignments and channel access controls should be conducted to identify and remediate potential unauthorized access scenarios. Organizations should also review their incident response procedures to ensure proper handling of potential data leakage events. Implementation of automated access control checks and regular security assessments can help prevent similar vulnerabilities from emerging in other components of the Mattermost platform. The vulnerability underscores the importance of comprehensive access control testing and the need for continuous security validation of privilege management systems within collaborative platforms.