Search criteria
322 vulnerabilities
CVE-2025-13870 (GCVE-0-2025-13870)
Vulnerability from cvelistv5 – Published: 2025-12-02 09:28 – Updated: 2025-12-02 14:38
VLAI?
Summary
Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.4
(semver)
Affected: 10.5.0 , ≤ 10.5.12 (semver) Unaffected: 11.1.0 Unaffected: 10.11.5 Unaffected: 10.5.13 |
Credits
Doyensec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:38:15.737706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:38:23.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.4",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.12",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "10.11.5"
},
{
"status": "unaffected",
"version": "10.5.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.4, 10.5.x \u003c= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T09:28:44.436Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.1.0, 10.11.5, 10.5.13 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00517",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64970"
],
"discovery": "EXTERNAL"
},
"title": "Unauthorized access and subscription vulnerability in Boards"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-13870",
"datePublished": "2025-12-02T09:28:44.436Z",
"dateReserved": "2025-12-02T09:10:03.197Z",
"dateUpdated": "2025-12-02T14:38:23.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12756 (GCVE-0-2025-12756)
Vulnerability from cvelistv5 – Published: 2025-12-01 19:51 – Updated: 2025-12-01 20:02
VLAI?
Summary
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.0.0 , ≤ 11.0.2
(semver)
Affected: 10.12.0 , ≤ 10.12.1 (semver) Affected: 10.11.0 , ≤ 10.11.4 (semver) Affected: 10.5.0 , ≤ 10.5.12 (semver) Unaffected: 11.1.0 Unaffected: 11.0.3 Unaffected: 10.12.2 Unaffected: 10.11.5 Unaffected: 10.5.13 |
Credits
daynight
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T20:01:59.250891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T20:02:24.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.12.1",
"status": "affected",
"version": "10.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.4",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.12",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.0.3"
},
{
"status": "unaffected",
"version": "10.12.2"
},
{
"status": "unaffected",
"version": "10.11.5"
},
{
"status": "unaffected",
"version": "10.5.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daynight"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.0.x \u003c= 11.0.2, 10.12.x \u003c= 10.12.1, 10.11.x \u003c= 10.11.4, 10.5.x \u003c= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:51:46.289Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.1.0, 11.0.3, 10.12.2, 10.11.5, 10.5.13 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00530",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65965"
],
"discovery": "EXTERNAL"
},
"title": "Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-12756",
"datePublished": "2025-12-01T19:51:46.289Z",
"dateReserved": "2025-11-05T15:23:20.065Z",
"dateUpdated": "2025-12-01T20:02:24.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12421 (GCVE-0-2025-12421)
Vulnerability from cvelistv5 – Published: 2025-11-27 17:47 – Updated: 2025-12-02 04:55
VLAI?
Summary
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Severity ?
9.9 (Critical)
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.0.0 , ≤ 11.0.2
(semver)
Affected: 10.12.0 , ≤ 10.12.1 (semver) Affected: 10.11.0 , ≤ 10.11.4 (semver) Affected: 10.5.0 , ≤ 10.5.12 (semver) Unaffected: 11.1.0 Unaffected: 11.0.3 Unaffected: 10.12.2 Unaffected: 10.11.5 Unaffected: 10.5.13 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T04:55:56.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.12.1",
"status": "affected",
"version": "10.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.4",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.12",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.0.3"
},
{
"status": "unaffected",
"version": "10.12.2"
},
{
"status": "unaffected",
"version": "10.11.5"
},
{
"status": "unaffected",
"version": "10.5.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.0.x \u003c= 11.0.2, 10.12.x \u003c= 10.12.1, 10.11.x \u003c= 10.11.4, 10.5.x \u003c= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-27T17:47:04.944Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.1.0, 11.0.3, 10.12.2, 10.11.5, 10.5.13 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00544",
"defect": [
"https://mattermost.atlassian.net/browse/MM-66299"
],
"discovery": "EXTERNAL"
},
"title": "Account Takeover via Code Exchange Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-12421",
"datePublished": "2025-11-27T17:47:04.944Z",
"dateReserved": "2025-10-28T16:54:12.491Z",
"dateUpdated": "2025-12-02T04:55:56.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12559 (GCVE-0-2025-12559)
Vulnerability from cvelistv5 – Published: 2025-11-27 16:36 – Updated: 2025-11-28 15:20
VLAI?
Summary
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.0.0 , ≤ 11.0.2
(semver)
Affected: 10.12.0 , ≤ 10.12.1 (semver) Affected: 10.11.0 , ≤ 10.11.4 (semver) Affected: 10.5.0 , ≤ 10.5.12 (semver) Unaffected: 11.1.0 Unaffected: 11.0.3 Unaffected: 10.12.2 Unaffected: 10.11.5 Unaffected: 10.5.13 |
Credits
hainguyen0207
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:20:22.362371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:20:44.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.0.2",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.12.1",
"status": "affected",
"version": "10.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.4",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.12",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.0.3"
},
{
"status": "unaffected",
"version": "10.12.2"
},
{
"status": "unaffected",
"version": "10.11.5"
},
{
"status": "unaffected",
"version": "10.5.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hainguyen0207"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.0.x \u003c= 11.0.2, 10.12.x \u003c= 10.12.1, 10.11.x \u003c= 10.11.4, 10.5.x \u003c= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-27T16:36:30.545Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.1.0, 11.0.3, 10.12.2, 10.11.5, 10.5.13 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00526",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65683"
],
"discovery": "EXTERNAL"
},
"title": "Information Disclosure in Common Teams API"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-12559",
"datePublished": "2025-11-27T16:36:30.545Z",
"dateReserved": "2025-10-31T17:28:45.000Z",
"dateUpdated": "2025-11-28T15:20:44.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12419 (GCVE-0-2025-12419)
Vulnerability from cvelistv5 – Published: 2025-11-27 15:55 – Updated: 2025-12-02 04:55
VLAI?
Summary
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.
Severity ?
9.9 (Critical)
CWE
- CWE-303 - Incorrect Implementation of Authentication Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.12.0 , ≤ 10.12.1
(semver)
Affected: 10.11.0 , ≤ 10.11.4 (semver) Affected: 10.5.0 , ≤ 10.5.12 (semver) Affected: 11.0.0 , ≤ 11.0.3 (semver) Unaffected: 11.1.0 Unaffected: 10.12.2 Unaffected: 10.11.5 Unaffected: 10.5.13 Unaffected: 11.0.4 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T04:55:58.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.12.1",
"status": "affected",
"version": "10.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.4",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.12",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.0.3",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "10.12.2"
},
{
"status": "unaffected",
"version": "10.11.5"
},
{
"status": "unaffected",
"version": "10.5.13"
},
{
"status": "unaffected",
"version": "11.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.12.x \u003c= 10.12.1, 10.11.x \u003c= 10.11.4, 10.5.x \u003c= 10.5.12, 11.0.x \u003c= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-27T17:18:07.520Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.1.0, 10.12.2, 10.11.5, 10.5.13, 11.0.4 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00547",
"defect": [
"https://mattermost.atlassian.net/browse/MM-66371"
],
"discovery": "EXTERNAL"
},
"title": "Account takeover on OAuth/OpenID-enabled servers"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-12419",
"datePublished": "2025-11-27T15:55:44.815Z",
"dateReserved": "2025-10-28T16:09:58.730Z",
"dateUpdated": "2025-12-02T04:55:58.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55074 (GCVE-0-2025-55074)
Vulnerability from cvelistv5 – Published: 2025-11-18 15:23 – Updated: 2025-11-18 21:03
VLAI?
Summary
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects
Severity ?
CWE
- CWE-1426 - Improper Validation of Generative AI Output
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.3
(semver)
Affected: 10.5.0 , ≤ 10.5.11 (semver) Unaffected: 11.0.0 Unaffected: 10.11.4 Unaffected: 10.5.12 |
Credits
Juho Forsén
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55074",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T21:03:12.091209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T21:03:22.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.3",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"status": "unaffected",
"version": "10.11.4"
},
{
"status": "unaffected",
"version": "10.5.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juho Fors\u00e9n"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.3, 10.5.x \u003c= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1426",
"description": "CWE-1426: Improper Validation of Generative AI Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T15:25:53.686Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.0.0, 10.11.4, 10.5.12 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00451",
"defect": [
"https://mattermost.atlassian.net/browse/MM-62941"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "Channel member objects leak read status"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-55074",
"datePublished": "2025-11-18T15:23:29.642Z",
"dateReserved": "2025-10-15T11:42:23.835Z",
"dateUpdated": "2025-11-18T21:03:22.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11794 (GCVE-0-2025-11794)
Vulnerability from cvelistv5 – Published: 2025-11-14 10:45 – Updated: 2025-12-01 15:36
VLAI?
Summary
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint
Severity ?
4.9 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.3
(semver)
Affected: 10.5.0 , ≤ 10.5.11 (semver) Affected: 10.12.0 , ≤ 10.12.0 (semver) Unaffected: 11.0.0 Unaffected: 10.11.4 Unaffected: 10.5.12 Unaffected: 10.12.1 |
Credits
Christian Iwata Nilsson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T13:27:27.714952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:36:58.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.3",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.12.0",
"status": "affected",
"version": "10.12.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"status": "unaffected",
"version": "10.11.4"
},
{
"status": "unaffected",
"version": "10.5.12"
},
{
"status": "unaffected",
"version": "10.12.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christian Iwata Nilsson"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.3, 10.5.x \u003c= 10.5.11, 10.12.x \u003c= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T10:45:39.244Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.0.0, 10.11.4, 10.5.12, 10.12.1 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00541",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65742"
],
"discovery": "EXTERNAL"
},
"title": "Password hash and MFA secret returned in user email verification endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-11794",
"datePublished": "2025-11-14T10:45:39.244Z",
"dateReserved": "2025-10-15T13:45:32.170Z",
"dateUpdated": "2025-12-01T15:36:58.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55073 (GCVE-0-2025-55073)
Vulnerability from cvelistv5 – Published: 2025-11-14 08:03 – Updated: 2025-11-14 15:46
VLAI?
Summary
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL.
Severity ?
5.4 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.3
(semver)
Affected: 10.5.0 , ≤ 10.5.11 (semver) Affected: 10.12.0 , ≤ 10.12.0 (semver) Unaffected: 11.0.0 Unaffected: 10.11.4 Unaffected: 10.5.12 Unaffected: 10.12.1 |
Credits
Juho Forsén
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T15:46:46.741736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:46:58.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.3",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.12.0",
"status": "affected",
"version": "10.12.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"status": "unaffected",
"version": "10.11.4"
},
{
"status": "unaffected",
"version": "10.5.12"
},
{
"status": "unaffected",
"version": "10.12.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juho Fors\u00e9n"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.3, 10.5.x \u003c= 10.5.11, 10.12.x \u003c= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T08:03:16.922Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.0.0, 10.11.4, 10.5.12, 10.12.1 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00492",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64368"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "MS Teams plugin OAuth allows editing arbitrary posts"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-55073",
"datePublished": "2025-11-14T08:03:16.922Z",
"dateReserved": "2025-10-15T11:16:32.206Z",
"dateUpdated": "2025-11-14T15:46:58.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55070 (GCVE-0-2025-55070)
Vulnerability from cvelistv5 – Published: 2025-11-14 08:02 – Updated: 2025-11-14 15:47
VLAI?
Summary
Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events
Severity ?
6.5 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
<11 , ≤ <11
(semver)
Unaffected: 11.0.0 |
Credits
Agniva De Sarker
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T15:47:34.847220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:47:52.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "\u003c11",
"status": "affected",
"version": "\u003c11",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Agniva De Sarker"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions \u003c11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T08:02:24.764Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.0.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00540",
"defect": [
"https://mattermost.atlassian.net/browse/MM-63929"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "Lack of MFA enforcement in WebSocket connections"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-55070",
"datePublished": "2025-11-14T08:02:24.764Z",
"dateReserved": "2025-10-15T11:42:23.807Z",
"dateUpdated": "2025-11-14T15:47:52.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-41436 (GCVE-0-2025-41436)
Vulnerability from cvelistv5 – Published: 2025-11-14 08:00 – Updated: 2025-11-14 15:48
VLAI?
Summary
Mattermost versions <11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
<11.0 , ≤ <11.0
(semver)
Unaffected: 11.0.0 |
Credits
BhaRat (hackit_bharat)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T15:48:20.224880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:48:31.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "\u003c11.0",
"status": "affected",
"version": "\u003c11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "BhaRat (hackit_bharat)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions \u003c11.0 fail to properly enforce the \"Allow users to view archived channels\" setting which allows regular users to access archived channel content and files via the \"Open in Channel\" functionality from followed threads"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T08:00:42.467Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.0.0 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00337",
"defect": [
"https://mattermost.atlassian.net/browse/MM-58202"
],
"discovery": "EXTERNAL"
},
"title": "Unauthorized access to archived channel content via threads interface"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-41436",
"datePublished": "2025-11-14T08:00:42.467Z",
"dateReserved": "2025-10-15T11:16:32.223Z",
"dateUpdated": "2025-11-14T15:48:31.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11776 (GCVE-0-2025-11776)
Vulnerability from cvelistv5 – Published: 2025-11-14 07:58 – Updated: 2025-11-14 15:49
VLAI?
Summary
Mattermost versions <11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the `/api/v4/teams/{team_id}/channels/search_archived` endpoint
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
<11 , ≤ <11
(semver)
Unaffected: 11.0.0 |
Credits
lordwillmore
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T15:49:02.657429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:49:13.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "\u003c11",
"status": "affected",
"version": "\u003c11",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "lordwillmore"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions \u003c11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the `/api/v4/teams/{team_id}/channels/search_archived` endpoint"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T07:58:52.172Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.0.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00493",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64394"
],
"discovery": "EXTERNAL"
},
"title": "Guest user can discover archived public channels"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-11776",
"datePublished": "2025-11-14T07:58:52.172Z",
"dateReserved": "2025-10-15T11:35:59.209Z",
"dateUpdated": "2025-11-14T15:49:13.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59480 (GCVE-0-2025-59480)
Vulnerability from cvelistv5 – Published: 2025-11-13 17:32 – Updated: 2025-11-13 18:02
VLAI?
Summary
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses
Severity ?
6.1 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
0 , ≤ 2.32.0
(semver)
Unaffected: 2.33.0 |
Credits
Doyensec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T18:02:17.008542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T18:02:26.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "2.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.33.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Mobile Apps versions \u003c=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T17:32:04.772Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Mobile Apps to versions 2.33.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00522",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65083"
],
"discovery": "EXTERNAL"
},
"title": "Inadequate validation of SSO redirect credentials permits credential theft"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-59480",
"datePublished": "2025-11-13T17:32:04.772Z",
"dateReserved": "2025-10-15T11:16:32.195Z",
"dateUpdated": "2025-11-13T18:02:26.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11777 (GCVE-0-2025-11777)
Vulnerability from cvelistv5 – Published: 2025-11-13 17:32 – Updated: 2025-11-13 18:01
VLAI?
Summary
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.3
(semver)
Affected: 10.5.0 , ≤ 10.5.11 (semver) Unaffected: 11.0.0 Unaffected: 10.11.4 Unaffected: 10.5.12 |
Credits
Xiangyu Guo
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T18:01:38.258075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T18:01:46.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.3",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.11",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"status": "unaffected",
"version": "10.11.4"
},
{
"status": "unaffected",
"version": "10.5.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Xiangyu Guo"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.3, 10.5.x \u003c= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T17:32:03.975Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.0.0, 10.11.4, 10.5.12 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00518",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64661"
],
"discovery": "EXTERNAL"
},
"title": "Cross-team channel membership access"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-11777",
"datePublished": "2025-11-13T17:32:03.975Z",
"dateReserved": "2025-10-15T11:37:25.782Z",
"dateUpdated": "2025-11-13T18:01:46.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55035 (GCVE-0-2025-55035)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:18 – Updated: 2025-10-16 16:28
VLAI?
Summary
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.
Severity ?
6.1 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
0 , ≤ 5.0.13
(semver)
Unaffected: 5.13.1.0 |
Credits
Doyensec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T16:27:19.505025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T16:28:05.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.0.13",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.13.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Desktop App versions \u0026lt;=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.\u003c/p\u003e"
}
],
"value": "Mattermost Desktop App versions \u003c=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:18:25.389Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop App to versions 5.13.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop App to versions 5.13.1 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00515",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64950"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop DoS when user has basic authentication server configured",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-55035",
"datePublished": "2025-10-16T15:18:25.389Z",
"dateReserved": "2025-09-11T18:33:39.530Z",
"dateUpdated": "2025-10-16T16:28:05.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58073 (GCVE-0-2025-58073)
Vulnerability from cvelistv5 – Published: 2025-10-16 08:44 – Updated: 2025-10-22 03:55
VLAI?
Summary
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state.
Severity ?
8.1 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.1
(semver)
Affected: 10.10.0 , ≤ 10.10.2 (semver) Affected: 10.5.0 , ≤ 10.5.10 (semver) Unaffected: 10.12.0 Unaffected: 10.11.2 Unaffected: 10.10.3 Unaffected: 10.5.11 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:15.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.1",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.2",
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.10",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.12.0"
},
{
"status": "unaffected",
"version": "10.11.2"
},
{
"status": "unaffected",
"version": "10.10.3"
},
{
"status": "unaffected",
"version": "10.5.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.1, 10.10.x \u003c= 10.10.2, 10.5.x \u003c= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the OAuth state."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T08:44:26.158Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.12.0, 10.11.2, 10.10.3, 10.5.11 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00507",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64897"
],
"discovery": "EXTERNAL"
},
"title": "Arbitrary Mattermost Team can be joined by manipulating the OAuth state"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-58073",
"datePublished": "2025-10-16T08:44:26.158Z",
"dateReserved": "2025-09-16T08:32:57.336Z",
"dateUpdated": "2025-10-22T03:55:15.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41410 (GCVE-0-2025-41410)
Vulnerability from cvelistv5 – Published: 2025-10-16 08:39 – Updated: 2025-10-16 14:00
VLAI?
Summary
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictions
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.10.0 , ≤ 10.10.2
(semver)
Affected: 10.5.0 , ≤ 10.5.10 (semver) Affected: 10.11.0 , ≤ 10.11.2 (semver) Unaffected: 10.12.0 Unaffected: 10.10.3 Unaffected: 10.5.11 Unaffected: 10.11.3 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:59:31.979617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:00:19.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.10.2",
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.10",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.2",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.12.0"
},
{
"status": "unaffected",
"version": "10.10.3"
},
{
"status": "unaffected",
"version": "10.5.11"
},
{
"status": "unaffected",
"version": "10.11.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.10.x \u003c= 10.10.2, 10.5.x \u003c= 10.5.10, 10.11.x \u003c= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T08:39:58.233Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.12.0, 10.10.3, 10.5.11, 10.11.3 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00525",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64924"
],
"discovery": "EXTERNAL"
},
"title": "Slack import bypasses email verification for team access controls"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-41410",
"datePublished": "2025-10-16T08:39:58.233Z",
"dateReserved": "2025-09-16T08:32:57.345Z",
"dateUpdated": "2025-10-16T14:00:19.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10545 (GCVE-0-2025-10545)
Vulnerability from cvelistv5 – Published: 2025-10-16 08:24 – Updated: 2025-10-16 14:14
VLAI?
Summary
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.5.0 , ≤ 10.5.10
(semver)
Affected: 10.11.0 , ≤ 10.11.2 (semver) Unaffected: 10.12.0 Unaffected: 10.5.11 Unaffected: 10.11.3 |
Credits
lordwillmore
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:13:30.975814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:14:09.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.5.10",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.2",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.12.0"
},
{
"status": "unaffected",
"version": "10.5.11"
},
{
"status": "unaffected",
"version": "10.11.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "lordwillmore"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.5.x \u003c= 10.5.10, 10.11.x \u003c= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/members` endpoint"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T08:24:25.928Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.12.0, 10.5.11, 10.11.3 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00497",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64444"
],
"discovery": "EXTERNAL"
},
"title": "Guest user can add unauthorized team users to private channels"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-10545",
"datePublished": "2025-10-16T08:24:25.928Z",
"dateReserved": "2025-09-16T08:41:00.850Z",
"dateUpdated": "2025-10-16T14:14:09.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58075 (GCVE-0-2025-58075)
Vulnerability from cvelistv5 – Published: 2025-10-16 08:20 – Updated: 2025-10-22 03:55
VLAI?
Summary
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState
Severity ?
8.1 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.1
(semver)
Affected: 10.10.0 , ≤ 10.10.2 (semver) Affected: 10.5.0 , ≤ 10.5.10 (semver) Unaffected: 10.12.0 Unaffected: 10.11.2 Unaffected: 10.10.3 Unaffected: 10.5.11 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:55:13.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.1",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.2",
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.10",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.12.0"
},
{
"status": "unaffected",
"version": "10.11.2"
},
{
"status": "unaffected",
"version": "10.10.3"
},
{
"status": "unaffected",
"version": "10.5.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.1, 10.10.x \u003c= 10.10.2, 10.5.x \u003c= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T08:20:06.939Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.12.0, 10.11.2, 10.10.3, 10.5.11 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00508",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64895"
],
"discovery": "EXTERNAL"
},
"title": "Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-58075",
"datePublished": "2025-10-16T08:20:06.939Z",
"dateReserved": "2025-09-16T08:32:57.321Z",
"dateUpdated": "2025-10-22T03:55:13.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54499 (GCVE-0-2025-54499)
Vulnerability from cvelistv5 – Published: 2025-10-16 08:17 – Updated: 2025-10-16 13:51
VLAI?
Summary
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets
Severity ?
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.5.0 , ≤ 10.5.10
(semver)
Affected: 10.11.0 , ≤ 10.11.2 (semver) Unaffected: 10.12.0 Unaffected: 10.5.11 Unaffected: 10.11.3 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:49:58.206427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:51:10.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.5.10",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.2",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.12.0"
},
{
"status": "unaffected",
"version": "10.5.11"
},
{
"status": "unaffected",
"version": "10.11.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.5.x \u003c= 10.5.10, 10.11.x \u003c= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T08:17:20.937Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.12.0, 10.5.11, 10.11.3 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00516",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64968"
],
"discovery": "EXTERNAL"
},
"title": "Insecure string comparison enables timing attacks"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-54499",
"datePublished": "2025-10-16T08:17:20.937Z",
"dateReserved": "2025-09-16T08:32:57.368Z",
"dateUpdated": "2025-10-16T13:51:10.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41443 (GCVE-0-2025-41443)
Vulnerability from cvelistv5 – Published: 2025-10-16 08:10 – Updated: 2025-10-29 08:06
VLAI?
Summary
Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/channels/ids` endpoint
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.5.0 , ≤ 10.5.12
(semver)
Affected: 10.11.0 , ≤ 10.11.2 (semver) Unaffected: 10.12.0 Unaffected: 10.5.13 Unaffected: 10.11.3 |
Credits
lordwillmore
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:58:02.191501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:58:12.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.5.12",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.2",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.12.0"
},
{
"status": "unaffected",
"version": "10.5.13"
},
{
"status": "unaffected",
"version": "10.11.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "lordwillmore"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.5.x \u003c= 10.5.12, 10.11.x \u003c= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/channels/ids` endpoint"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T08:06:29.837Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.12.0, 10.5.13, 10.11.3 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00496",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64452"
],
"discovery": "EXTERNAL"
},
"title": "Guest user can discover active public channels"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-41443",
"datePublished": "2025-10-16T08:10:40.582Z",
"dateReserved": "2025-09-16T08:32:57.376Z",
"dateUpdated": "2025-10-29T08:06:29.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58084 (GCVE-0-2025-58084)
Vulnerability from cvelistv5 – Published: 2025-10-13 19:57 – Updated: 2025-10-14 14:28
VLAI?
Summary
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.
Severity ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
0 , ≤ 5.13.0
(semver)
Unaffected: 5.13.1 |
Credits
Doyensec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T14:28:39.740317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:28:52.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.13.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Doyensec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(227, 228, 232, 0.04);\"\u003eMattermost Desktop App versions \u0026lt;= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user\u0027s application by sending the user a malformed URL.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Mattermost Desktop App versions \u003c= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user\u0027s application by sending the user a malformed URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T19:57:23.997Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Desktop App to versions 5.13.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Desktop App to versions 5.13.1 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00514",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64948"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Desktop App crashes when clicking on malformed external URL",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-58084",
"datePublished": "2025-10-13T19:57:23.997Z",
"dateReserved": "2025-09-11T18:33:39.540Z",
"dateUpdated": "2025-10-14T14:28:52.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11579 (GCVE-0-2025-11579)
Vulnerability from cvelistv5 – Published: 2025-10-10 11:15 – Updated: 2025-12-02 09:30
VLAI?
Summary
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
Severity ?
5.3 (Medium)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
Impacted products
Credits
Juho Forsén
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T12:40:54.486493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T12:41:22.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rardecode",
"vendor": "nwaples",
"versions": [
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "2.0.1",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juho Fors\u00e9n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "github.com/nwaples/rardecode versions \u0026lt;=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash."
}
],
"value": "github.com/nwaples/rardecode versions \u003c=2.1.1 fail to restrict the dictionary size when reading\u00a0large RAR\u00a0dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T09:30:03.452Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to github.com/nwaples/rardecode v2.2.0 or higher"
}
],
"value": "Update to\u00a0github.com/nwaples/rardecode v2.2.0 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DoS via Out Of Memory Crash",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-11579",
"datePublished": "2025-10-10T11:15:15.163Z",
"dateReserved": "2025-10-10T09:12:41.410Z",
"dateUpdated": "2025-12-02T09:30:03.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9081 (GCVE-0-2025-9081)
Vulnerability from cvelistv5 – Published: 2025-09-19 19:36 – Updated: 2025-09-19 19:52
VLAI?
Summary
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration
Severity ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.5.0 , ≤ 10.5.8
(semver)
Affected: 9.11.0 , ≤ 9.11.17 (semver) Unaffected: 10.11.0 Unaffected: 10.5.9 Unaffected: 9.11.18 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T19:51:48.729159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:52:03.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.5.8",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.17",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.5.9"
},
{
"status": "unaffected",
"version": "9.11.18"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.5.x \u003c= 10.5.8, 9.11.x \u003c= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:36:14.702Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.11.0, 10.5.9, 9.11.18 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00502",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64659"
],
"discovery": "EXTERNAL"
},
"title": "IDOR in board file download allows any user to download any file by UUID"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-9081",
"datePublished": "2025-09-19T19:36:14.702Z",
"dateReserved": "2025-08-15T15:45:37.336Z",
"dateUpdated": "2025-09-19T19:52:03.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9079 (GCVE-0-2025-9079)
Vulnerability from cvelistv5 – Published: 2025-09-19 19:22 – Updated: 2025-09-20 03:55
VLAI?
Summary
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.8.0 , ≤ 10.8.3
(semver)
Affected: 10.5.0 , ≤ 10.5.8 (semver) Affected: 9.11.0 , ≤ 9.11.17 (semver) Affected: 10.10.0 , ≤ 10.10.1 (semver) Affected: 10.9.0 , ≤ 10.9.3 (semver) Unaffected: 10.11.0 Unaffected: 10.8.4 Unaffected: 10.5.9 Unaffected: 9.11.18 Unaffected: 10.10.2 Unaffected: 10.9.4 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-20T03:55:43.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.8.3",
"status": "affected",
"version": "10.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.8",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.17",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1",
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.9.3",
"status": "affected",
"version": "10.9.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.8.4"
},
{
"status": "unaffected",
"version": "10.5.9"
},
{
"status": "unaffected",
"version": "9.11.18"
},
{
"status": "unaffected",
"version": "10.10.2"
},
{
"status": "unaffected",
"version": "10.9.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.8.x \u003c= 10.8.3, 10.5.x \u003c= 10.5.8, 9.11.x \u003c= 9.11.17, 10.10.x \u003c= 10.10.1, 10.9.x \u003c= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:22:00.288Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.11.0, 10.8.4, 10.5.9, 9.11.18, 10.10.2, 10.9.4 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00503",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64674"
],
"discovery": "EXTERNAL"
},
"title": "Admin RCE via prepackaged plugins by way of misconfigured imports directory"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-9079",
"datePublished": "2025-09-19T19:22:00.288Z",
"dateReserved": "2025-08-15T15:42:04.648Z",
"dateUpdated": "2025-09-20T03:55:43.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9072 (GCVE-0-2025-9072)
Vulnerability from cvelistv5 – Published: 2025-09-15 10:28 – Updated: 2025-09-15 12:06
VLAI?
Summary
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.
Severity ?
7.6 (High)
CWE
- CWE-601 - CWE‑601: URL Redirection to Untrusted Site (“Open Redirect”)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.10.0 , ≤ 10.10.1
(semver)
Affected: 10.5.0 , ≤ 10.5.9 (semver) Affected: 10.9.0 , ≤ 10.9.4 (semver) Unaffected: 10.11.0 Unaffected: 10.10.2 Unaffected: 10.5.10 Unaffected: 10.9.5 |
Credits
DoyenSec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T12:03:54.190037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T12:06:57.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.10.1",
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.9",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.9.4",
"status": "affected",
"version": "10.9.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.10.2"
},
{
"status": "unaffected",
"version": "10.5.10"
},
{
"status": "unaffected",
"version": "10.9.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "DoyenSec"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.10.x \u003c= 10.10.1, 10.5.x \u003c= 10.5.9, 10.9.x \u003c= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user\u2019s cookies to an attacker-controlled URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE\u2011601: URL Redirection to Untrusted Site (\u201cOpen Redirect\u201d)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T10:28:17.356Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.11.0, 10.10.2, 10.5.10, 10.9.5 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00509",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64910"
],
"discovery": "EXTERNAL"
},
"title": "One-Click Mattermost Account Takeover via Poisoned RelayState SAML Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-9072",
"datePublished": "2025-09-15T10:28:17.356Z",
"dateReserved": "2025-08-15T14:59:12.540Z",
"dateUpdated": "2025-09-15T12:06:57.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9084 (GCVE-0-2025-9084)
Vulnerability from cvelistv5 – Published: 2025-09-15 10:22 – Updated: 2025-09-15 12:24
VLAI?
Summary
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs
Severity ?
CWE
- CWE-601 - CWE‑601: URL Redirection to Untrusted Site (“Open Redirect”)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.5.0 , ≤ 10.5.9
(semver)
Unaffected: 10.11.0 Unaffected: 10.5.10 |
Credits
Juho Forsén
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T12:24:31.375509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T12:24:41.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.5.9",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.5.10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juho Fors\u00e9n"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.5.x \u003c= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE\u2011601: URL Redirection to Untrusted Site (\u201cOpen Redirect\u201d)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T10:22:30.184Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.11.0, 10.5.10 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00511",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64754"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "Open redirect in OAuth login"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-9084",
"datePublished": "2025-09-15T10:22:30.184Z",
"dateReserved": "2025-08-15T16:15:40.630Z",
"dateUpdated": "2025-09-15T12:24:41.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9078 (GCVE-0-2025-9078)
Vulnerability from cvelistv5 – Published: 2025-09-15 10:10 – Updated: 2025-09-15 13:57
VLAI?
Summary
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing
Severity ?
4.3 (Medium)
CWE
- CWE-328 - Use of Weak Hash
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.8.0 , ≤ 10.8.3
(semver)
Affected: 10.5.0 , ≤ 10.5.8 (semver) Affected: 9.11.0 , ≤ 9.11.17 (semver) Affected: 10.10.0 , ≤ 10.10.1 (semver) Affected: 10.9.0 , ≤ 10.9.3 (semver) Unaffected: 10.11.0 Unaffected: 10.8.4 Unaffected: 10.5.9 Unaffected: 9.11.18 Unaffected: 10.10.2 Unaffected: 10.9.4 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T13:53:35.598807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T13:57:49.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.8.3",
"status": "affected",
"version": "10.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.8",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.17",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1",
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.9.3",
"status": "affected",
"version": "10.9.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.8.4"
},
{
"status": "unaffected",
"version": "10.5.9"
},
{
"status": "unaffected",
"version": "9.11.18"
},
{
"status": "unaffected",
"version": "10.10.2"
},
{
"status": "unaffected",
"version": "10.9.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.8.x \u003c= 10.8.3, 10.5.x \u003c= 10.5.8, 9.11.x \u003c= 9.11.17, 10.10.x \u003c= 10.10.1, 10.9.x \u003c= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328: Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T10:10:06.886Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.11.0, 10.8.4, 10.5.9, 9.11.18, 10.10.2, 10.9.4 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00495",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64449"
],
"discovery": "EXTERNAL"
},
"title": "Weak cache keys lead to post IDOR and link preview poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-9078",
"datePublished": "2025-09-15T10:10:06.886Z",
"dateReserved": "2025-08-15T15:34:54.442Z",
"dateUpdated": "2025-09-15T13:57:49.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9076 (GCVE-0-2025-9076)
Vulnerability from cvelistv5 – Published: 2025-09-15 10:06 – Updated: 2025-09-15 14:05
VLAI?
Summary
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.10.0 , ≤ 10.10.1
(semver)
Unaffected: 10.11.0 Unaffected: 10.10.2 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T14:05:07.348669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T14:05:16.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.10.1",
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.10.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.10.x \u003c= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T10:06:15.094Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 10.11.0, 10.10.2 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00513",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64926"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Server exposes sensitive user credentials during shared channel membership synchronization"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-9076",
"datePublished": "2025-09-15T10:06:15.094Z",
"dateReserved": "2025-08-15T15:26:17.148Z",
"dateUpdated": "2025-09-15T14:05:16.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8402 (GCVE-0-2025-8402)
Vulnerability from cvelistv5 – Published: 2025-08-21 17:01 – Updated: 2025-08-21 17:30
VLAI?
Summary
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.
Severity ?
4.9 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.8.0 , ≤ 10.8.3
(semver)
Affected: 10.5.0 , ≤ 10.5.8 (semver) Affected: 9.11.0 , ≤ 9.11.17 (semver) Affected: 10.10.0 (semver) Affected: 10.9.0 , ≤ 10.9.3 (semver) Unaffected: 10.11.0 Unaffected: 10.8.4 Unaffected: 10.5.9 Unaffected: 9.11.18 Unaffected: 10.10.1 Unaffected: 10.9.4 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T17:20:44.403747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T17:30:38.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.8.3",
"status": "affected",
"version": "10.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.8",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.17",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.9.3",
"status": "affected",
"version": "10.9.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.8.4"
},
{
"status": "unaffected",
"version": "10.5.9"
},
{
"status": "unaffected",
"version": "9.11.18"
},
{
"status": "unaffected",
"version": "10.10.1"
},
{
"status": "unaffected",
"version": "10.9.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.8.x \u0026lt;= 10.8.3, 10.5.x \u0026lt;= 10.5.8, 9.11.x \u0026lt;= 9.11.17, 10.10.x \u0026lt;= 10.10.0, 10.9.x \u0026lt;= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.8.x \u003c= 10.8.3, 10.5.x \u003c= 10.5.8, 9.11.x \u003c= 9.11.17, 10.10.x \u003c= 10.10.0, 10.9.x \u003c= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T17:01:43.420Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.11.0, 10.8.4, 10.5.9, 9.11.18, 10.10.1, 10.9.4 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.11.0, 10.8.4, 10.5.9, 9.11.18, 10.10.1, 10.9.4 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00506",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64717"
],
"discovery": "EXTERNAL"
},
"title": "Nil pointer dereference in bulk import crashes server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-8402",
"datePublished": "2025-08-21T17:01:43.420Z",
"dateReserved": "2025-07-31T00:31:47.312Z",
"dateUpdated": "2025-08-21T17:30:38.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6465 (GCVE-0-2025-6465)
Vulnerability from cvelistv5 – Published: 2025-08-21 17:01 – Updated: 2025-08-21 17:30
VLAI?
Summary
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.8.0 , ≤ 10.8.3
(semver)
Affected: 10.5.0 , ≤ 10.5.8 (semver) Affected: 10.10.0 (semver) Affected: 10.9.0 , ≤ 10.9.3 (semver) Unaffected: 10.11.0 Unaffected: 10.8.4 Unaffected: 10.5.9 Unaffected: 10.10.1 Unaffected: 10.9.4 |
Credits
daw10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T17:21:02.910833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T17:30:45.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.8.3",
"status": "affected",
"version": "10.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.8",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "10.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.9.3",
"status": "affected",
"version": "10.9.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.11.0"
},
{
"status": "unaffected",
"version": "10.8.4"
},
{
"status": "unaffected",
"version": "10.5.9"
},
{
"status": "unaffected",
"version": "10.10.1"
},
{
"status": "unaffected",
"version": "10.9.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daw10"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.8.x \u0026lt;= 10.8.3, 10.5.x \u0026lt;= 10.5.8, 10.10.x \u0026lt;= 10.10.0, 10.9.x \u0026lt;= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.8.x \u003c= 10.8.3, 10.5.x \u003c= 10.5.8, 10.10.x \u003c= 10.10.0, 10.9.x \u003c= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment thumbnails via path traversal in file streaming APIs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T17:01:42.866Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.11.0, 10.8.4, 10.5.9, 10.10.1, 10.9.4 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.11.0, 10.8.4, 10.5.9, 10.10.1, 10.9.4 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00501",
"defect": [
"https://mattermost.atlassian.net/browse/MM-64657"
],
"discovery": "EXTERNAL"
},
"title": "Path traversal in image upload with preview overwrite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-6465",
"datePublished": "2025-08-21T17:01:42.866Z",
"dateReserved": "2025-06-21T00:52:35.389Z",
"dateUpdated": "2025-08-21T17:30:45.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}