CVE-2025-2570

System Admin Cannot Access Environment settings in System Console While System Manager Can

Description

Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.

INFO

Published Date :

2025-05-15T15:27:50.280Z

Last Modified :

2025-05-15T15:47:16.151Z

Source :

Mattermost

AFFECTED PRODUCTS

The following products are affected by CVE-2025-2570 vulnerability.

Vendors	Products
Mattermost	Mattermost Mattermost Server

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2570.

URL	Resource
https://mattermost.com/security-updates

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact