CVE-2025-55070
Published 2025-11-14
High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections, which allows unauthenticated users to access sensitive information via WebSocket events.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 11.1.0 | 11.1.0 |
| github.com | mattermost_mattermost-server | >= 0 < 11.1.0+incompatible | 11.1.0+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-20250912063506-7d8b7b5e4a60 | 8.0.0-20250912063506-7d8b7b5e4a60 |
| mattermost | mattermost | <= <11 | — |
| mattermost | mattermost_server | < 11.0.0 | 11.0.0 |