SecuriTricks - CVE-2025-12419

Description

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.

Product(s) Impacted

Vendor	Product	Versions
Mattermost	Mattermost Server	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-303

Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	mattermost	mattermost_server	/	/	/	/	/	/	/	/
a	mattermost	mattermost_server	/	/	/	/	/	/	/	/
a	mattermost	mattermost_server	/	/	/	/	/	/	/	/
a	mattermost	mattermost_server	/	/	/	/	/	/	/	/

References

https://mattermost.com/security-updates

CVSS Score

9.9 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

View Vector String

Timeline

Published: Nov. 27, 2025, 4:15 p.m.
Last Modified: Dec. 3, 2025, 3:17 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

responsibledisclosure@mattermost.com

CVE-2025-12419