mattermost
575 tracked vulnerabilities.
CVE-2025-12421
CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
Nov 27, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-12559
MEDIUM
Mattermost <11.0.2-10.5.12 - Info Disclosure
Nov 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-12419
CRITICAL
Mattermost <10.12.1, 10.11.4, 10.5.12, 11.0.3 - Open Redirect
Nov 27, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-55074
LOW
Mattermost <10.11.4, <10.5.12 - Info Disclosure
Nov 18, 2025
CVSS 3.0
EPSS 0.00
CVE-2025-11794
MEDIUM
Mattermost 10.5.0-10.5.11, 10.11.0-10.11.3, 10.12.0 - Unauthorized Exposure of Password Hashes and MFA Secrets
Nov 14, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-55073
MEDIUM
Mattermost <10.11.3, 10.5.11, 10.12.0 - Open Redirect
Nov 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-55070
MEDIUM
Mattermost <11 - Unauthenticated Information Disclosure via WebSocket Events
Nov 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-41436
LOW
Mattermost < 11.0 - Unauthenticated Archived Channel Access via Open in Channel Functionality
Nov 14, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-11776
MEDIUM
Mattermost < 11.0.0 - Unauthenticated Archived Channel Discovery via Search API
Nov 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59480
MEDIUM
Mattermost Mobile Apps <= 2.32.0 - Cross-Site Request Forgery via SSO Redirect Token
Nov 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-11777
LOW
Mattermost 10.5.0-10.5.11 and 10.11.0-10.11.3 - Incorrect Authorization via Add Channel Member API
Nov 13, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-55035
MEDIUM
Mattermost Desktop App <=5.13.0 - DoS
Oct 16, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-58075
HIGH
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.1 - Unauthenticated Team Join via RelayState Manipulation
Oct 16, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-58073
HIGH
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.1 - Unauthenticated Team Join via OAuth State Manipulation
Oct 16, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-54499
LOW
Mattermost <10.5.10, <10.11.2 - Info Disclosure
Oct 16, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41410
MEDIUM
Mattermost 10.5.0-10.5.10 10.10.0-10.10.2 10.11.0-10.11.2 - Missing Authorization via Slack Import Process
Oct 16, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-10545
LOW
Mattermost 10.5.0-10.5.10 and 10.11.0-10.11.2 - Incorrect Authorization via Channel Member Endpoint
Oct 16, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-41443
MEDIUM
Mattermost 10.5.0-10.5.12 and 10.11.0-10.11.2 - Missing Authorization via Channel IDs Endpoint
Oct 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-58084
LOW
Mattermost Desktop App <=5.13.0 - SSRF
Oct 13, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-9081
LOW
Mattermost <10.5.8, <9.11.17 - Info Disclosure
Sep 19, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-9079
HIGH
Mattermost <10.8.4 - Code Injection
Sep 19, 2025
CVSS 8.0
EPSS 0.00
CVE-2025-9084
LOW
Mattermost 10.5.0-10.5.9 - Open Redirect via OAuth Login URL
Sep 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-9072
HIGH
Mattermost <10.10.1-10.5.9-10.9.4 - Open Redirect
Sep 15, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-9078
MEDIUM
Mattermost <10.8.4 - Info Disclosure
Sep 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-9076
MEDIUM
Mattermost <10.10.2 - Info Disclosure
Sep 15, 2025
CVSS 6.5
EPSS 0.00
Products
mattermost_server 412
mattermost 233
mattermost-server 186
Mattermost 74
mattermost_desktop 23
mattermost_mobile 20
confluence 14
mattermost-plugin-confluence 14
mattermost-plugin-msteams 4
mattermost-plugin-playbooks 4
mattermost-plugin-jira 3
Focalboard 2
focalboard 2
mattermost-plugin-boards 2
mattermost-plugin-calls 2
mattermost-plugin-zoom 2
mattermost_boards 2
ms_teams 2
playbooks 2
zoom 2
channel_export 1
mattermost-plugin-channel-export 1
mattermost-plugin-github 1
mattermost_channel_export 1
mattermost_packages 1
mattermost_plugins 1