CVE-2025-12421

CVSS v3.1

9.9

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.5.x through 10.5.12 Mattermost versions 10.11.x through 10.11.4 Mattermost versions 10.12.x through 10.12.1 Mattermost versions 11.0.x through 11.0.2

Description Mattermost fails to verify that the token used during the code exchange originates from the same authentication flow. This allows an authenticated user to perform account takeover by using a specially crafted email address when switching authentication methods and sending a request to the

/users/login/sso/code-exchange

endpoint. The issue requires

ExperimentalEnableAuthenticationTransfer

to be enabled and

RequireEmailVerification

to be disabled.

Recommendations Mattermost versions 10.5.x through 10.5.12: Update to a newer, fixed version. Mattermost versions 10.11.x through 10.11.4: Update to a newer, fixed version. Mattermost versions 10.12.x through 10.12.1: Update to a newer, fixed version. Mattermost versions 11.0.x through 11.0.2: Update to a newer, fixed version.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-303

Related Identifiers

CVE-2025-12421

Affected Products

Mattermost

CVE-2025-12421

Weakness Enumeration

Related Identifiers

Affected Products

References · 10