In Mattermost versions 10.5.0 to 10.5.1, 10.4.0 to 10.4.3, and 9.11.0 to 9.11.9 a low severity vulnerability CVE-2025-24839 was detected. This vulnerability allows users to turn on the AI bot by adding a setting to a post using the Wrangler plugin, even if they don’t have access to the bot. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-24839.
Read more Communication