← Back to CVEs
CVE-2025-2571
MEDIUM4.2
Description
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.
CVE Details
CVSS v3.1 Score4.2
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published5/30/2025
Last Modified10/15/2025
Sourcenvd
Honeypot Sightings0
Affected Products
mattermost:mattermost_server
Weaknesses (CWE)
CWE-303
References
https://mattermost.com/security-updates(responsibledisclosure@mattermost.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.