3.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-53971

GHSA ID

GHSA-4276-cm8c-788h

EPSS Score

0.04385%

CWE

CWE-863

Published

8/21/2025

Updated

8/21/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-53971

CVE-2025-53971: Mattermost Fails to Properly Validate Team Role Modification

Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate authorization for team scheme role modifications which allows Team Admins to demote Team Members to Guests via the PUT /api/v4/teams/team-id/members/user-id/schemeRoles API endpoint.

(GitHub Advisory)

3.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-53971

GHSA ID

GHSA-4276-cm8c-788h

EPSS Score

0.04385%

CWE

CWE-863

Published

8/21/2025

Updated

8/21/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/mattermost/mattermost-server	go	>= 10.5.0, <= 10.5.8	10.5.9
github.com/mattermost/mattermost-server	go	>= 9.11.0, <= 9.11.17	9.11.18
github.com/mattermost/mattermost/server/v8	go	< 8.0.0-20250721095846-c602a4a78e1f	8.0.0-20250721095846-c602a4a78e1f

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

M*tt*rmost v*rsions **.*.x <= **.*.*, *.**.x <= *.**.** **il to prop*rly v*li**t* *ut*oriz*tion *or t**m s***m* rol* mo*i*i**tions w*i** *llows T**m **mins to **mot* T**m M*m**rs to *u*sts vi* t** PUT /*pi/v*/t**ms/t**m-i*/m*m**rs/us*r-i*/s***m*Rol*s

Reasoning

No *n*lysis *v*il**l*

3.8

Basic Information

Concerned about an active attack path?

CVE-2025-53971: Mattermost Fails to Properly Validate Team Role Modification

3.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI