CVE-2025-55073

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.11 Mattermost versions 10.11.x through 10.11.3 Mattermost versions 10.12.x through 10.12.0

Description The Mattermost application does not properly validate the relationship between a post being updated and the Microsoft Teams (MSTeams) plugin OAuth flow. This allows an attacker to modify any post by using a specially crafted MSTeams plugin OAuth redirect URL. The issue involves a failure to validate the connection between the post update and the OAuth process.

Recommendations Update Mattermost to a version later than 10.5.11. Update Mattermost to a version later than 10.11.3. Update Mattermost to a version later than 10.12.0.

Fix

Improper Access Control

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-306

Related Identifiers

BDU:2025-16014

CVE-2025-55073

GHSA-FF85-QW3H-G9VP

GO-2025-4129

Affected Products

Mattermost

Teams (Msteams) Plugin

CVE-2025-55073

Weakness Enumeration

Related Identifiers

Affected Products

References · 18