{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "9.11.0" }, { "fixed": "9.11.14" }, { "introduced": "10.5.0" }, { "fixed": "10.5.5" }, { "introduced": "10.6.0" }, { "fixed": "10.6.4" }, { "introduced": "10.7.0" }, { "fixed": "10.7.2" } ] }, "events": [ { "introduced": "0bc2ddd42375a75ab14e63f038165150d4f07659" }, { "fixed": "97e6d3231a80107e0c9098f22617900d78c3a1c8" }, { "introduced": "58bd34fd34cbd7d3da777d627b6cffdf8a532930" }, { "fixed": "3109688e8c8da24b289092a4b2d13e7eaff0db9a" }, { "introduced": "5eebc77b68c0c2b63103316e3c92342c13fd93f9" }, { "fixed": "4aec93645e29797b8261c7a6e18dc36e477ebae4" }, { "introduced": "f6b324a9d71843e8f48eba9e90dfbeabcbac1ae7" }, { "fixed": "a3eae493caceb9aa76a5097daeb03229938d1885" } ], "repo": "https://github.com/mattermost/mattermost-server", "type": "GIT" } ] } ], "details": "Mattermost versions 10.7.x \u003c= 10.7.1, 10.6.x \u003c= 10.6.3, 10.5.x \u003c= 10.5.4, 9.11.x \u003c= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute.", "id": "CVE-2025-4573", "modified": "2026-03-10T21:53:58.674271705Z", "published": "2025-06-11T11:15:23.313Z", "references": [ { "type": "ADVISORY", "url": "https://mattermost.com/security-updates" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "type": "CVSS_V3" } ] }