{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "9.11.0"
              },
              {
                "fixed": "9.11.16"
              },
              {
                "introduced": "10.5.0"
              },
              {
                "fixed": "10.5.6"
              },
              {
                "introduced": "10.6.0"
              },
              {
                "fixed": "10.6.6"
              },
              {
                "introduced": "10.7.0"
              },
              {
                "fixed": "10.7.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.8.0-NA"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.8.0-rc1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.8.0-rc2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "10.8.0-rc3"
              }
            ]
          },
          "events": [
            {
              "introduced": "0bc2ddd42375a75ab14e63f038165150d4f07659"
            },
            {
              "fixed": "96fdd2b677f28d1375df8dfa88bbc519f32bb3b6"
            },
            {
              "introduced": "58bd34fd34cbd7d3da777d627b6cffdf8a532930"
            },
            {
              "fixed": "2c4a9f9d49d9a6aa94b073e8871ff67e95f8984e"
            },
            {
              "introduced": "5eebc77b68c0c2b63103316e3c92342c13fd93f9"
            },
            {
              "fixed": "303cb88e93f0426657feb473b323d9e22dc0e43c"
            },
            {
              "introduced": "f6b324a9d71843e8f48eba9e90dfbeabcbac1ae7"
            },
            {
              "fixed": "5521da96cf8e84ff3f249ff0e3599d131c05e850"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "bb105f3a2785636ad53b2d0bf4027900d41f6a67"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "a68d1e8e0e02dc7953e68876d1c7adcaa4540bae"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b310742ad7ce8492533bdc764126a44c315ff7d6"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "bb105f3a2785636ad53b2d0bf4027900d41f6a67"
            }
          ],
          "repo": "https://github.com/mattermost/mattermost-server",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Mattermost versions 10.5.x \u003c= 10.5.5, 9.11.x \u003c= 9.11.15, 10.8.x \u003c= 10.8.0, 10.7.x \u003c= 10.7.2, 10.6.x \u003c= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public and private channels by manipulating playbook run participants when the run is linked to a channel.",
  "id": "CVE-2025-3227",
  "modified": "2026-03-10T21:49:46.995705080Z",
  "published": "2025-06-20T15:15:20.430Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}