CVE-2025-12419
Account takeover on OAuth/OpenID-enabled servers
| CVSS Score | 9.9 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, and 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication, which allows an authenticated attacker with team creation privileges to take over a user account by manipulating authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system, one of which has never logged into Mattermost.
| CWE | CWE-303 |
| Vendor | mattermost |
| Product | mattermost |
| Published | Nov 27, 2025 |
| Last Updated | Feb 26, 2026 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
Mattermost / Mattermost
| From (inclusive) | To (inclusive) |
| 10.12.0 | 10.12.1 |
| 10.11.0 | 10.11.4 |
| 10.5.0 | 10.5.12 |
| 11.0.0 | 11.0.3 |
Credits
daw10