Security Advisory

CVE-2025-2570

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-15 15:27:50
Last updated 2025-05-15 15:47:16
Assigner Mattermost
State PUBLISHED

Description

Mattermost versions 10.5.x <= 10.5.3 and 9.11.x <= 9.11.11 fail to check the `RestrictSystemAdmin` setting if the user doesn't have access to `ExperimentalSettings`, which allows a System Manager to access `ExperimentalSettings` via the System Console when `RestrictSystemAdmin` is true.