PT-2025-12412 · Mattermost · Mattermost

A_Osman123

Published

2025-03-21

Updated

2025-03-28

CVE-2025-30179

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Mattermost versions 9.11.x through 9.11.8 Mattermost versions 10.3.x through 10.3.3 Mattermost versions 10.4.x through 10.4.2

Description The issue allows authenticated attackers to bypass MFA protections through user search, channel search, or team search queries, as certain search APIs do not implement MFA.

Recommendations For versions 9.11.x through 9.11.8, update to a version that enforces MFA on search APIs. For versions 10.3.x through 10.3.3, update to a version that enforces MFA on search APIs. For versions 10.4.x through 10.4.2, update to a version that enforces MFA on search APIs.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BIT-MATTERMOST-2025-30179

CVE-2025-30179

GHSA-3GPX-P63P-PR5R

GO-2025-3549

OPENSUSE-SU-2025:14937-1

Affected Products

Mattermost

PT-2025-12412 · Mattermost · Mattermost

CVE-2025-30179

Weakness Enumeration

Related Identifiers

Affected Products

References · 45