CVE-2025-14573 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-14573 Interim 1 1 2026-03-05T01:24:31Z current 2026-03-05T01:24:31Z 2026-03-05T01:24:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-14573 Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-March/024527.html E-Mail link for SUSE-SU-2026:0757-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561 CVE-2025-14573 low 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N