CVE-2025-12419
published 2025-11-27CVE-2025-12419: Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID…
critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 10.11.0 < 10.11.5 | 10.11.5 |
| github.com | mattermost_mattermost-server | >= 10.12.0 < 10.12.2 | 10.12.2 |
| github.com | mattermost_mattermost-server | >= 10.5.0 < 10.5.13 | 10.5.13 |
| github.com | mattermost_mattermost-server | >= 11.0.0 < 11.0.4 | 11.0.4 |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-20251028000919-d3ed703dc833 | 8.0.0-20251028000919-d3ed703dc833 |
| mattermost | mattermost | 10.11.0 – 10.11.4 | — |
| mattermost | mattermost | 10.12.0 – 10.12.1 | — |
| mattermost | mattermost | 10.5.0 – 10.5.12 | — |
| mattermost | mattermost | 11.0.0 – 11.0.3 | — |
| mattermost | mattermost_server | >= 10.11.0 < 10.11.5 | 10.11.5 |
| mattermost | mattermost_server | >= 10.12.0 < 10.12.2 | 10.12.2 |
| mattermost | mattermost_server | >= 10.5.0 < 10.5.13 | 10.5.13 |
| mattermost | mattermost_server | >= 11.0.0 < 11.0.4 | 11.0.4 |