4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24526

GHSA ID

GHSA-q8p2-2hwc-jw64

EPSS Score

0.16425%

CWE

CWE-863

Published

2/24/2025

Updated

2/24/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24526

CVE-2025-24526: Mattermost fails to restrict channel export of archived channels

Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access to it

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24526

GHSA ID

GHSA-q8p2-2hwc-jw64

EPSS Score

0.16425%

CWE

CWE-863

Published

2/24/2025

Updated

2/24/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/mattermost/mattermost/server/v8	go	< 8.0.0-20250110161910-96195f1bd746	8.0.0-20250110161910-96195f1bd746
github.com/mattermost/mattermost/server/v8	go	>= 9.11.0-rc1, < 9.11.8	9.11.8
github.com/mattermost/mattermost/server/v8	go	>= 10.2.0-rc1, < 10.2.3	10.2.3
github.com/mattermost/mattermost/server/v8	go	>= 10.3.0-rc1, < 10.3.3	10.3.3
github.com/mattermost/mattermost/server/v8	go	>= 10.4.0-rc1, < 10.4.2	10.4.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing authorization checks in the channel export handler. The fix in commit 3c052b6 added: 1) A configuration check for ExperimentalViewArchivedChannels 2) A channel archive status check using DeleteAt. The original vulnerable code lacked these checks, allowing exports of archived channels when view permissions were disabled. The tests added in api_test.go validate that the export is blocked when ExperimentalViewArchivedChannels=false and channel is archived, confirming the vulnerable flow was in the Export handler.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

M*tt*rmost v*rsions **.*.x <= **.*.*, **.*.x <= **.*.*, *.**.x <= *.**.*, **.*.x <= **.*.*, **.*.x <= **.*.* **il to r*stri*t ***nn*l *xport o* *r**iv** ***nn*ls w**n t** "*llow us*rs to vi*w *r**iv** ***nn*ls" is *is**l** w*i** *llows * us*r to *xpo

Reasoning

T** vuln*r**ility st*ms *rom missin* *ut*oriz*tion ****ks in t** ***nn*l *xport **n*l*r. T** *ix in *ommit ******* *****: *) * *on*i*ur*tion ****k *or *xp*rim*nt*lVi*w*r**iv*****nn*ls *) * ***nn*l *r**iv* st*tus ****k usin* **l*t**t. T** ori*in*l vul

4.3

Basic Information

Concerned about an active attack path?

CVE-2025-24526: Mattermost fails to restrict channel export of archived channels

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI