CVE-2025-41436 Affecting mattermost-10.11-fips package, versions *


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.15% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-MATTERMOST1011FIPS-17295377
  • published11 Jun 2026
  • disclosed14 Nov 2025

Introduced: 14 Nov 2025

CVE-2025-41436  (opens in a new tab)

How to fix?

There is no fixed version for Minimos:latest mattermost-10.11-fips.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mattermost-10.11-fips package and not the mattermost-10.11-fips package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads

CVSS Base Scores

version 3.1