CVE-2025-3230
EUVD-2025-1649130.05.2025, 15:15
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 9.11.0 ≤ 𝑥 < 9.11.13 |
| mattermost | mattermost_server | 10.5.0 ≤ 𝑥 < 10.5.4 |
| mattermost | mattermost_server | 10.6.0 ≤ 𝑥 < 10.6.3 |
| mattermost | mattermost_server | 10.7.0 ≤ 𝑥 < 10.7.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mattermost | mattermost | 10.7.0 | CNA |
| mattermost | mattermost | 10.6.0 ≤ 𝑥 ≤ 10.6.2 | CNA |
| mattermost | mattermost | 10.5.0 ≤ 𝑥 ≤ 10.5.3 | CNA |
| mattermost | mattermost | 9.11.0 ≤ 𝑥 ≤ 9.11.12 | CNA |
Common Weakness Enumeration
References