CVE-2025-32093

4.7 MEDIUM

📋 TL;DR

This vulnerability allows delegated granular administration users with 'Edit Other Users' permission to modify system administrator accounts in Mattermost. Attackers could escalate privileges or compromise admin accounts. Affects Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, and 9.11.x <= 9.11.9.

💻 Affected Systems

Products:
  • Mattermost
Versions: 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9
Operating Systems: All platforms running Mattermost
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances with delegated granular administration enabled and users with 'Edit Other Users' permission.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full system administrator privileges, enabling complete control over the Mattermost instance, data exfiltration, and further network compromise.

🟠 Likely Case

Privilege escalation where delegated administrators gain unauthorized access to modify or disable system admin accounts.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, but still represents a privilege escalation risk.

🌐 Internet-Facing: MEDIUM - Requires authenticated access but could be exploited if attackers gain delegated admin credentials.
🏢 Internal Only: HIGH - Internal threat actors with delegated admin permissions can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with delegated admin permissions and knowledge of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.5.2, 10.4.4, 9.11.10

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Back up your Mattermost instance.
2. Download and install the patched version from Mattermost releases.
3. Restart the Mattermost service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict delegated admin permissions (applies to: all)

Temporarily remove the 'Edit Other Users' permission from delegated administrators until patching is complete.

Use Mattermost System Console > Permissions to modify user permissions.

🧯 If You Can't Patch

  • Review and audit all delegated administrator accounts and their permissions
  • Implement strict monitoring of user modification activities in Mattermost logs

🔍 How to Verify

Check if Vulnerable:

Check the Mattermost version via System Console > About Mattermost. If the version is on the 10.5.x branch at 10.5.1 or lower, on the 10.4.x branch at 10.4.3 or lower, or on the 9.11.x branch at 9.11.9 or lower, you are vulnerable.

Check Version:

In the Mattermost System Console, navigate to the About Mattermost section.

Verify Fix Applied:

Verify that the version is 10.5.2+, 10.4.4+, or 9.11.10+ in System Console > About Mattermost.
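As an added example (not part of this advisory or of Mattermost's own tooling), the following Python check applies the branch-wise version ranges above to a version string copied from System Console > About Mattermost, so that a 10.4.x deployment is compared against 10.4.4 rather than against 10.5.2. Branches the advisory does not name are reported as "not listed" rather than as safe.

```python
"""Check a Mattermost version string against the fix versions for CVE-2025-32093."""
import re

# Fix version per affected branch, taken from the advisory text:
# 10.5.x fixed in 10.5.2, 10.4.x fixed in 10.4.4, 9.11.x fixed in 9.11.10.
FIXED_VERSIONS = {
    (10, 5): (10, 5, 2),
    (10, 4): (10, 4, 4),
    (9, 11): (9, 11, 10),
}

# Accepts "10.4.3", "v10.4.3" or "10.4.3-rc1"; only the numeric triple matters.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) parsed from a version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Mattermost version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text):
    """True if the version is on a listed branch and below that branch's fix.

    Branches not named in the advisory return False here only because the
    advisory makes no statement about them; assess() reports them separately.
    """
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return False
    return (major, minor, patch) < fixed


def assess(version_text):
    """Return a short verdict: 'vulnerable (upgrade to X)', 'fixed' or 'not listed'."""
    major, minor, _ = parse_version(version_text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "not listed"
    if is_vulnerable(version_text):
        return f"vulnerable (upgrade to {'.'.join(map(str, fixed))})"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not real deployments.
    for v in ["10.5.1", "10.5.2", "10.4.3", "10.4.4", "9.11.9", "9.11.10", "10.6.0"]:
        print(f"{v:>8}: {assess(v)}")
```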

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized modifications to system administrator accounts by non-system admin users
  • User permission changes from delegated administrators

Network Indicators:

  • Unusual API calls to user modification endpoints from non-admin accounts

SIEM Query:

source="mattermost" AND (event="user_updated" OR event="permission_changed") AND actor_role!="system_admin"
