CVE-2025-55070

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11

Description Mattermost versions before 11 do not enforce multi-factor authentication on WebSocket connections. This allows unauthenticated users to access sensitive information through WebSocket events.

Recommendations Update to a version of Mattermost that is version 11 or later.

Fix

Improper Access Control

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-306

Related Identifiers

BDU:2025-16015

CVE-2025-55070

GHSA-XPG8-8XPV-948P

GO-2025-4128

Affected Products

Mattermost

CVE-2025-55070

Weakness Enumeration

Related Identifiers

Affected Products

References · 13