CVE-2025-11794: Sensitive Information Exposure in Mattermost Mattermost-server

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.0% (top 89.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 14; Latest update Nov 18

Description

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (4 packages)

Source      Package                                      Versions
NVD         mattermost/mattermost_server                 10.5.0, 10.5.12 (+2)
Go          github.com/mattermost_mattermost-server      10.5.0+incompatible, 10.5.12+incompatible (+5)
Go          github.com/mattermost_mattermost_server_v8   < 8.0.0-20250929212932-a41db04d2746
CVEListV5   mattermost/mattermost                        10.11.0, 10.11.3 (+2)

Vulnerability Details (4)

OSV, 2025-11-18: Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server
CVEList, 2025-11-14: Password hash and MFA secret returned in user email verification endpoint
GHSA, 2025-11-14: Mattermost allows system administrators to access password hashes and MFA secrets
OSV, 2025-11-14: Mattermost allows system administrators to access password hashes and MFA secrets
CVE-2025-11794 — Sensitive Information Exposure | cvebase