PT-2025-16246 · Mattermost · Mattermost

Eahmed

Publicado

2025-04-14

Atualizado

2025-04-23

CVE-2025-2475

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.9 Mattermost versions 10.4.x through 10.4.3 Mattermost versions 10.5.x through 10.5.1

Description: The issue arises when a user account is converted to a bot, and the cache is not properly invalidated, allowing an attacker to log in to the bot exactly one time using normal credentials.

Recommendations: For versions 9.11.x through 9.11.9, update to a version that includes the cache invalidation fix. For versions 10.4.x through 10.4.3, update to a version that includes the cache invalidation fix. For versions 10.5.x through 10.5.1, update to a version that includes the cache invalidation fix.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-303

Identificadores relacionados

CVE-2025-2475

GHSA-6RQH-8465-2XCW

GO-2025-3610

OPENSUSE-SU-2025:15017-1

Produtos afetados

Mattermost

PT-2025-16246 · Mattermost · Mattermost

CVE-2025-2475

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 42