{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T01:37:18.378","vulnerabilities":[{"cve":{"id":"CVE-2025-27538","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2025-04-16T08:15:14.217","lastModified":"2025-10-01T18:20:09.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT \/api\/v4\/users\/user-id\/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not set up MFA."},{"lang":"es","value":"Las versiones de Mattermost 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 no implementan las comprobaciones de MFA en PUT \/api\/v4\/users\/user-id\/mfa cuando el usuario solicitante difiere del ID del usuario de destino, lo que permite a los usuarios con permiso edit_other_users activar o desactivar MFA para otros usuarios, incluso si esos usuarios no han configurado MFA."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:N","baseScore":2.2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.11.0","versionEndExcluding":"9.11.10","matchCriteriaId":"73837B0A-0874-4B7D-8B09-D3CB7E249EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.0","versionEndExcluding":"10.5.2","matchCriteriaId":"681C7A3F-D251-499D-80D4-0D971FA79B2D"}]}]}],"references":[{"url":"https:\/\/mattermost.com\/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}