Cyber Resilience

CVE-2025-24839

Low

Published: 16 April 2025

Published
16 April 2025
Modified
02 October 2025
KEV Added
Patch
CVSS Score v3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score 0.0014 33.7th percentile
Risk Priority 6 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24839 is a low-severity Incorrect Authorization (CWE-863) vulnerability in Mattermost Mattermost Server. Its CVSS base score is 3.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 33.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the LLM/Generative AI Risks risk domain; MITRE ATLAS techniques in scope: Exploit Public-Facing Application (AML.T0049), AI Agent Context Poisoning (AML.T0080).

EU & UK References

Vulnerability details

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activate_ai override property to…

more

a post via the Wrangler plugin, provided both the AI and Wrangler plugins are enabled.

CWE(s)

AI Security AnalysisAI

AI Category
Enterprise AI Assistants
Risk Domain
LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025
LLM01:2025 Prompt Injection
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1213.005 Messaging Applications Collection
Adversaries may leverage chat and messaging applications, such as Microsoft Teams, Google Chat, and Slack, to mine valuable information.
Why these techniques?

The vulnerability allows low-privileged users to bypass access controls and trigger AI bot responses in Mattermost via the Wrangler plugin, enabling exploitation for privilege escalation (T1068), exploitation of the remote Mattermost service (T1210), and unauthorized data collection from the messaging application (T1213.005).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0049: Exploit Public-Facing ApplicationAML.T0080: AI Agent Context Poisoning

Affected Assets

mattermost
mattermost server
9.11.0 — 9.11.10 · 10.4.0 — 10.4.4 · 10.5.0 — 10.5.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-863

Periodic review and update of procedures reduces incorrect authorization implementations over time.

addresses: CWE-863

Supervision identifies cases where authorization logic incorrectly permits unauthorized actions.

addresses: CWE-863

Defining permitted attribute values and auditing modifications reduces the chance of incorrect authorization outcomes due to tampered or missing labels.

addresses: CWE-863

The authorization process and usage restrictions help prevent incorrect authorization for remote access types.

addresses: CWE-863

Establishing configuration and connection requirements helps ensure correct rather than incorrect authorization for wireless access.

addresses: CWE-863

Establishing connection authorization processes for mobile devices helps ensure authorization decisions are correctly implemented rather than incorrect.

addresses: CWE-863

Monitoring account use, notifying on changes, and reviewing accounts for compliance corrects incorrect authorization assignments.

addresses: CWE-863

Ensures authorization decisions for external system use are correctly implemented and enforced.

References