CVE-2025-24866

2.7

Low

CVE-2025-24866

10 Apr 2025

responsibledisclosure@mattermost.com

Awaiting Analysis

Description

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

responsibledisclosure@mattermost.com

https://mattermost.com/security-updates

CVE-2025-24866 - CVE-2025-24866 | Cyber Hub