CVE-2025-3227:
Mattermost allows unauthorized channel member management through playbook runs

CVSS Score (v3.1): 4.3

Basic Information

EPSS Score: 0.04441%
Published: 6/20/2025
Updated: 6/20/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| github.com/mattermost/mattermost-server | go | < 0.0.0-20250520060012-d0380305ef7a | 0.0.0-20250520060012-d0380305ef7a |
| github.com/mattermost/mattermost/server/v8 | go | < 8.0.0-20250520060012-d0380305ef7a | 8.0.0-20250520060012-d0380305ef7a |
| github.com/mattermost/mattermost/server/v8 | go | >= 10.5.0, <= 10.5.5 | 10.5.6 |
| github.com/mattermost/mattermost/server/v8 | go | >= 9.11.0, <= 9.11.15 | 9.11.16 |
| github.com/mattermost/mattermost/server/v8 | go | = 10.8.0 | 10.8.1 |
| github.com/mattermost/mattermost/server/v8 | go | >= 10.7.0, <= 10.7.2 | 10.7.3 |
| github.com/mattermost/mattermost/server/v8 | go | >= 10.6.0, <= 10.6.5 | 10.6.6 |

Vulnerability Intelligence
Root Cause Analysis: In progress

WAF Protection Rules

WAF Rule

Mattermost versions **.*.x <= **.*.*, *.**.x <= *.**.**, **.*.x <= **.*.*, **.*.x <= **.*.*, **.*.x <= **.*.* fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel M*

Reasoning

No analysis available