CVE-2025-9084
published 2025-09-15

CVE-2025-9084: Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth…

Severity: Medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 10.5.0 < 10.5.10 | 10.5.10 |
| github.com | mattermost_mattermost-server | >= 10.5.0+incompatible < 10.5.10+incompatible | 10.5.10+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-202508080704-39bd251fe4f600 | 8.0.0-202508080704-39bd251fe4f600 |
| mattermost | mattermost | 10.5.0 – 10.5.9 | |
| mattermost | mattermost_server | >= 10.5.0 < 10.5.10 | 10.5.10 |