CVE-2025-59480
published 2025-11-13CVE-2025-59480: Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | <= 2.32.0 | — |
| mattermost | mattermost_mobile | < 2.33.0 | 2.33.0 |