PT-2025-42443 · Mattermost · Mattermost

Daw10 · Published 2025-10-16 · Updated 2025-11-07 · CVE-2025-41410

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.10.x through 10.10.2
Mattermost versions 10.5.x through 10.5.10
Mattermost versions 10.11.x through 10.11.2

Description

The software does not properly validate email ownership during a Slack import process. This allows attackers to create verified user accounts with arbitrary email domains by providing malicious Slack import data. This bypasses email-based team access restrictions.

Recommendations

Update Mattermost to a version later than 10.10.2.
Update Mattermost to a version later than 10.5.10.
Update Mattermost to a version later than 10.11.2.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-13340
CVE-2025-41410
GHSA-3Q4Q-WQM6-HVF3
GO-2025-4029
OPENSUSE-SU-2025:15710-1

Affected Products

Mattermost