AI description
CVE-2025-12419 is a vulnerability affecting Mattermost versions 10.12.x through 10.12.1, 10.11.x through 10.11.4, 10.5.x through 10.5.12, and 11.0.x through 11.0.3. It stems from improper validation of OAuth state tokens during OpenID Connect authentication. The flaw allows an authenticated attacker with team creation or admin privileges to take over a user account by manipulating authentication data during the OAuth completion flow. Exploitation requires email verification to be disabled, OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system, one of which has never logged into Mattermost.
- Description
- Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication, which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system, one of which has never logged into Mattermost.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
- Products
- mattermost_server
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- Weakness (source: responsibledisclosure@mattermost.com)
- CWE-303: Incorrect Implementation of Authentication Algorithm
- Hype score
- Not currently trending
🚨 Critical Vulnerabilities exist in Mattermost (CVE-2025-12421, CVE-2025-12419) - please see the @ncsc_gov_ie advisory for further info: https://t.co/7a1MBkog4L
@ncsc_gov_ie
28 Nov 2025
Warning: Two Critical Account Takeover flaws in Mattermost! #CVE-2025-12421 and #CVE-2025-12419, CVSS 9.9. These allow an authenticated attacker to perform full account takeover! #Patch #Patch #Patch More info: https://t.co/4mDcbZmfV7
@CCBalert
28 Nov 2025
CVE-2025-12419 OAuth State Token Bypass in Mattermost Enabling Unauthorized Account Takeover https://t.co/G258IstTaF
@VulmonFeeds
27 Nov 2025
[CVE-2025-12419: CRITICAL] Vulnerability in Mattermost versions 10.5.x to 10.12.1 allows attackers with admin privileges to take over user accounts during OAuth authentication. Update to patch the issue. #cve, CVE-2025-12419, #cybersecurity https://t.co/un3TDVE9Wb https://t.co/QmmYA
@CveFindCom
27 Nov 2025
CVE-2025-12419 Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect aut… https://t.co/r8DJzKiySh
@CVEnew
27 Nov 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D99F7F-B4EE-447C-9B77-82DD64B1D83A",
            "versionEndExcluding": "10.5.13",
            "versionStartIncluding": "10.5.0"
          },
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8368192-621C-4043-827E-DB4F6946AD92",
            "versionEndExcluding": "10.11.5",
            "versionStartIncluding": "10.11.0"
          },
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED48D731-6490-4DD5-94D4-EE4555BB93ED",
            "versionEndExcluding": "10.12.2",
            "versionStartIncluding": "10.12.0"
          },
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387D98AD-59D7-4783-B0D2-E5CF2F7343B0",
            "versionEndExcluding": "11.0.4",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]