Mattermost <=10.5.5 Channel Member Bypass in Playbook Runs
CVE-2025-46702 Published on June 30, 2025
Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the 'Manage Members' permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges.
Vulnerability Analysis
CVE-2025-46702 is exploitable with network access and requires only low user privileges. This vulnerability is considered to have a low attack complexity. A successful exploit is considered to have a low impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2025-46702 has been classified as an AuthZ vulnerability or weakness.
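The description above says the participant-management path in playbook runs lets a channel member add someone to a private channel without holding the 'Manage Members' permission, and that guests end up with channel management rights. The following is an added illustrative model of that authorization gap and of the check that closes it; it is not Mattermost's code, and the type names, permission identifiers and function shapes are assumptions made for this example. The vulnerable variant treats channel membership as sufficient; the fixed variant requires the same permission a direct "add to channel" action would, and denies guests outright.

```go
package main

import (
	"errors"
	"fmt"
)

// Illustrative model of the authorization gap described in the advisory.
// Added example; not Mattermost's code. Type names, permission names and
// function shapes are assumptions made for this demonstration.

type ChannelType string

const (
	ChannelOpen    ChannelType = "O"
	ChannelPrivate ChannelType = "P"
)

// Permission identifiers are assumed for the example.
const (
	PermManagePublicMembers  = "manage_public_channel_members"
	PermManagePrivateMembers = "manage_private_channel_members"
)

type Channel struct {
	ID      string
	Type    ChannelType
	Members map[string]bool // user IDs that are members of the channel
}

type User struct {
	ID          string
	IsGuest     bool
	Permissions map[string]bool // permissions granted through roles
}

type Run struct {
	ID           string
	ChannelID    string
	Participants map[string]bool
}

var ErrForbidden = errors.New("forbidden: actor may not manage members of this channel")

// requiredPermission returns the permission a direct "add to channel"
// action would demand for the given channel type.
func requiredPermission(t ChannelType) string {
	if t == ChannelPrivate {
		return PermManagePrivateMembers
	}
	return PermManagePublicMembers
}

// AddParticipantVulnerable models the flawed path: the actor only has to be
// in the run's channel, so the target is pulled into the channel even when
// the actor's 'Manage Members' permission was removed or the actor is a guest.
func AddParticipantVulnerable(actor *User, run *Run, ch *Channel, target string) error {
	if !ch.Members[actor.ID] {
		return ErrForbidden
	}
	run.Participants[target] = true
	ch.Members[target] = true // channel membership changes as a side effect
	return nil
}

// AddParticipantFixed applies the same check the direct channel-member
// action would: membership in the channel is necessary but not sufficient;
// the actor must also hold the manage-members permission for the channel
// type, and guests are never granted channel management rights.
func AddParticipantFixed(actor *User, run *Run, ch *Channel, target string) error {
	if !ch.Members[actor.ID] {
		return ErrForbidden
	}
	if actor.IsGuest || !actor.Permissions[requiredPermission(ch.Type)] {
		return ErrForbidden
	}
	run.Participants[target] = true
	ch.Members[target] = true
	return nil
}

func main() {
	// Constructed scenario: alice is in a private channel, but an admin has
	// removed her manage-members permission.
	ch := &Channel{ID: "c1", Type: ChannelPrivate, Members: map[string]bool{"alice": true}}
	run := &Run{ID: "r1", ChannelID: ch.ID, Participants: map[string]bool{"alice": true}}
	alice := &User{ID: "alice", Permissions: map[string]bool{}}

	fmt.Println("vulnerable:", AddParticipantVulnerable(alice, run, ch, "bob"), "bob in channel:", ch.Members["bob"])
	delete(ch.Members, "bob")
	delete(run.Participants, "bob")
	fmt.Println("fixed:     ", AddParticipantFixed(alice, run, ch, "bob"), "bob in channel:", ch.Members["bob"])
}
```

The point of the fixed variant is that any feature which changes channel membership as a side effect (here, adding a run participant) must reuse the channel-level permission check rather than its own weaker one; otherwise an admin's removal of 'Manage Members' is silently undone by the side door.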
Products Associated with CVE-2025-46702
Affected Versions
Mattermost:
- Versions 10.5.0 through 10.5.5 are affected.
- Versions 9.11.0 through 9.11.15 are affected.
- Version 10.8.0 is affected.
- Versions 10.7.0 through 10.7.2 are affected.
- Versions 10.6.0 through 10.6.5 are affected.
- Version 10.9.0 is unaffected.
- Version 10.5.6 is unaffected.
- Version 9.11.16 is unaffected.
- Version 10.8.1 is unaffected.
- Version 10.7.3 is unaffected.
- Version 10.6.6 is unaffected.
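The affected ranges above span five release branches, which is easy to misread when checking a deployment by hand. The following is an added example, not a stack.watch or Mattermost tool, that encodes those ranges and reports whether a given version string falls inside one of them; the version parsing rules (optional leading "v", pre-release suffix on the patch component) are assumptions made here.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Added example for checking a deployed Mattermost version against the
// affected ranges listed in the advisory. Not a stack.watch or Mattermost
// tool; the parsing rules are assumptions made here.

// versionRange is an inclusive [lo, hi] range on one release branch.
type versionRange struct {
	lo, hi [3]int
}

// affectedRanges reproduces the advisory's affected-version list.
var affectedRanges = []versionRange{
	mustRange("10.5.0", "10.5.5"),
	mustRange("9.11.0", "9.11.15"),
	mustRange("10.8.0", "10.8.0"),
	mustRange("10.7.0", "10.7.2"),
	mustRange("10.6.0", "10.6.5"),
}

// ParseVersion turns "10.5.5" (also "v10.5.5" or "10.5.5-rc1")
// into a comparable major/minor/patch triple.
func ParseVersion(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("version %q: want major.minor.patch", v)
	}
	for i, p := range parts {
		if i == 2 {
			// drop a pre-release or build suffix on the patch component
			if idx := strings.IndexAny(p, "-+"); idx >= 0 {
				p = p[:idx]
			}
		}
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return out, fmt.Errorf("version %q: component %q is not a number", v, p)
		}
		out[i] = n
	}
	return out, nil
}

func mustRange(lo, hi string) versionRange {
	l, err := ParseVersion(lo)
	if err != nil {
		panic(err)
	}
	h, err := ParseVersion(hi)
	if err != nil {
		panic(err)
	}
	return versionRange{lo: l, hi: h}
}

// compareVersions returns -1, 0 or 1 as a is before, equal to or after b.
func compareVersions(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// IsAffected reports whether the version falls inside one of the advisory's
// affected ranges. A branch the advisory does not list returns false, which
// means "not listed", not "known safe".
func IsAffected(version string) (bool, error) {
	v, err := ParseVersion(version)
	if err != nil {
		return false, err
	}
	for _, r := range affectedRanges {
		if compareVersions(v, r.lo) >= 0 && compareVersions(v, r.hi) <= 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	for _, v := range []string{"10.5.5", "10.5.6", "9.11.16", "10.8.0", "10.8.1"} {
		hit, err := IsAffected(v)
		fmt.Printf("%-8s affected=%v err=%v\n", v, hit, err)
	}
}
```

A pre-release build such as "10.5.5-rc1" is treated as 10.5.5 and therefore as affected, which is the conservative reading for an inventory check; and because the advisory lists only these five branches, a result of false for any other branch should be read as "not covered by this advisory" rather than as a clean bill of health.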
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.