CVE-2025-3230
30.05.2025, 15:15
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.Enginsight
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 9.11.0 ≤ 𝑥 < 9.11.13 |
| mattermost | mattermost_server | 10.5.0 ≤ 𝑥 < 10.5.4 |
| mattermost | mattermost_server | 10.6.0 ≤ 𝑥 < 10.6.3 |
| mattermost | mattermost_server | 10.7.0 ≤ 𝑥 < 10.7.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References