CVE-2025-9076 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-9076 Interim 1 2 2025-11-01T01:01:29Z current 2025-09-22T08:07:08Z 2025-11-01T01:01:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-9076 Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed govulncheck-vulndb-0.0.20250917T170349-1.1 govulncheck-vulndb-0.0.20250917T170349-1.1 as a component of openSUSE Tumbleweed Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled. CVE-2025-9076 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250917T170349-1.1 moderate