Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Mattermost — Vulnerabilities & Security Advisories 382

Browse all 382 CVE security advisories affecting Mattermost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Mattermost:MattermostMattermost Confluence PluginMattermost DesktopMattermost BoardsMattermost PlaybooksMattermost App FrameworkFocalboardPlaybooks PluginMattermost Github PluginMattermost iOS appMattermost PluginsMattermost Mobile
CVE IDTitleCVSSSeverityPublished
CVE-2025-12689 DoS in Calls plugin via malformed UTF-8 in WebSocket request — MattermostCWE-1287 6.5 Medium2025-12-17
CVE-2025-62690 Open redirect in error page when link opened in new tab — MattermostCWE-601 3.1 Low2025-12-17
CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking — MattermostCWE-1287 3.0 Low2025-12-17
CVE-2025-62190 CSRF Allows Call Initiation and Message Delivery — MattermostCWE-352 4.3 Medium2025-12-17
CVE-2025-13870 Unauthorized access and subscription vulnerability in Boards — MattermostCWE-306 3.1 Low2025-12-02
CVE-2025-12756 Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion — MattermostCWE-863 4.3 Medium2025-12-01
CVE-2025-12421 Account Takeover via Code Exchange Endpoint — MattermostCWE-303 9.9 Critical2025-11-27
CVE-2025-12559 Information Disclosure in Common Teams API — MattermostCWE-200 4.3 Medium2025-11-27
CVE-2025-12419 Account takeover on OAuth/OpenID-enabled servers — MattermostCWE-303 9.9 Critical2025-11-27
CVE-2025-55074 Channel member objects leak read status — MattermostCWE-1426 3.0 Low2025-11-18
CVE-2025-11794 Password hash and MFA secret returned in user email verification endpoint — MattermostCWE-200 4.9 Medium2025-11-14
CVE-2025-55073 MS Teams plugin OAuth allows editing arbitrary posts — MattermostCWE-306 5.4 Medium2025-11-14
CVE-2025-55070 Lack of MFA enforcement in WebSocket connections — MattermostCWE-306 6.5 Medium2025-11-14
CVE-2025-41436 Unauthorized access to archived channel content via threads interface — MattermostCWE-863 3.1 Low2025-11-14
CVE-2025-11776 Guest user can discover archived public channels — MattermostCWE-863 4.3 Medium2025-11-14
CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft — MattermostCWE-352 6.1 Medium2025-11-13
CVE-2025-11777 Cross-team channel membership access — MattermostCWE-863 3.1 Low2025-11-13
CVE-2025-55035 Mattermost Desktop DoS when user has basic authentication server configured — MattermostCWE-754 6.1 Medium2025-10-16
CVE-2025-58073 Arbitrary Mattermost Team can be joined by manipulating the OAuth state — MattermostCWE-862 8.1 High2025-10-16
CVE-2025-41410 Slack import bypasses email verification for team access controls — MattermostCWE-862 5.4 Medium2025-10-16
CVE-2025-10545 Guest user can add unauthorized team users to private channels — MattermostCWE-863 3.1 Low2025-10-16
CVE-2025-58075 Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState — MattermostCWE-862 8.1 High2025-10-16
CVE-2025-54499 Insecure string comparison enables timing attacks — MattermostCWE-208 3.1 Low2025-10-16
CVE-2025-41443 Guest user can discover active public channels — MattermostCWE-862 4.3 Medium2025-10-16
CVE-2025-58084 Mattermost Desktop App crashes when clicking on malformed external URL — MattermostCWE-1287 3.5 Low2025-10-13
CVE-2025-9081 IDOR in board file download allows any user to download any file by UUID — MattermostCWE-639 3.1 Low2025-09-19
CVE-2025-9079 Admin RCE via prepackaged plugins by way of misconfigured imports directory — MattermostCWE-22 8.0 High2025-09-19
CVE-2025-9072 One-Click Mattermost Account Takeover via Poisoned RelayState SAML Parameter — MattermostCWE-601 7.6 High2025-09-15
CVE-2025-9084 Open redirect in OAuth login — MattermostCWE-601 3.1 Low2025-09-15
CVE-2025-9078 Weak cache keys lead to post IDOR and link preview poisoning — MattermostCWE-328 4.3 Medium2025-09-15

This page lists every published CVE security advisory associated with Mattermost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.