Mattermost · Mattermost · CVE-2025-62690
**Name of the Vulnerable Software and Affected Versions**
Mattermost versions 10.11.0 through 10.11.4
**Description**
The application does not properly validate redirect URLs on the `/error` page. An attacker can craft a link that, when a victim opens it in a new tab, redirects the victim to a malicious site. The flaw lies in how the `/error` endpoint handles redirect URLs.
**Recommendations**
Update to a version later than 10.11.4.
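
The kind of check the description says is missing, shown as an added example (not Mattermost's code or its fix): resolve the candidate URL against the application's origin and accept it only if the result stays on that origin. `APP_ORIGIN`, `safeRedirectTarget`, `review` and the sample inputs are assumptions constructed for illustration.

```javascript
// Added illustration; not Mattermost source code.
// APP_ORIGIN is a constructed placeholder for the deployment's own origin.
const APP_ORIGIN = 'https://chat.example.test';

// Returns a same-origin relative target, or `fallback` when the candidate
// would leave the application's origin or cannot be parsed.
function safeRedirectTarget(raw, appOrigin = APP_ORIGIN, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;

  let url;
  try {
    // Parse the way a browser would: relative inputs resolve against the
    // app origin, and the WHATWG parser normalises "\" to "/" and strips
    // tabs and newlines before deciding what the host is.
    url = new URL(raw, appOrigin);
  } catch (err) {
    return fallback;
  }

  // Compare the parsed origin, never a string prefix of the raw input.
  // Non-http(s) schemes such as javascript: have origin "null" and fail here.
  if (url.origin !== appOrigin) return fallback;

  // Hand back only path, query and fragment so the caller cannot be
  // steered to another host even if it concatenates the result later.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs covering the usual validation gaps.
const SAMPLES = [
  '/channels/town-square?x=1#y',             // plain relative path
  'https://chat.example.test/admin',         // absolute, same origin
  '//evil.example/login',                    // scheme-relative
  '/\\evil.example',                         // backslash treated as slash
  'https://chat.example.test@evil.example/', // app host in userinfo
  'https://chat.example.test.evil.example/', // app host as a subdomain label
  'javascript:alert(1)',                     // non-navigational scheme
];

// Pair each sample with the target the validator would allow.
function review(samples = SAMPLES) {
  return samples.map((s) => [s, safeRedirectTarget(s)]);
}

for (const [input, target] of review()) {
  console.log(JSON.stringify(input), '->', target);
}
```

The same comparison belongs on the server side wherever a redirect parameter is echoed into a `Location` header.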