CVE-2025-1412

Vulnerability Description

Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot.

Vulnerability Details

Published Date

February 24, 2025

Last Modified

October 01, 2025

Source

NVD

CVE-2025-1412

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment