PT-2025-46948 · Mattermost · Teams (Msteams) Plugin+1

Juho Forsén

Publicado

2025-10-15

Atualizado

2025-11-20

CVE-2025-55073

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0

Description The Mattermost application does not properly validate the relationship between a post being updated and the Microsoft Teams (MSTeams) plugin OAuth flow. This allows an attacker to modify any post by using a specially crafted MSTeams plugin OAuth redirect URL. The issue involves a failure to validate the connection between the post update and the OAuth process.

Recommendations Update Mattermost to a version later than 10.5.11. Update Mattermost to a version later than 10.11.3. Update Mattermost to a version later than 10.12.0.

Correção

Improper Access Control

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-306

Identificadores relacionados

BDU:2025-16014

CVE-2025-55073

GHSA-FF85-QW3H-G9VP

GO-2025-4129

Produtos afetados

Mattermost

Teams (Msteams) Plugin

PT-2025-46948 · Mattermost · Teams (Msteams) Plugin+1

CVE-2025-55073

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18