- Description
- Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
- Products
- mattermost_server
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- CVSS source
- responsibledisclosure@mattermost.com
- Weakness
- CWE-303 (Incorrect Implementation of Authentication Algorithm)
- Hype score
- Not currently trending
`Mattermost` (`CVE-2025-12419`) has an authentication bypass flaw via `OAuth` state token validation during `OpenID Connect`. Affects 10.12.1, 10.11.4, 10.5.12, 11.0.3. Patch advised. #Mattermost #AuthBypass #infosec https://t.co/7qHNksHNwH
@pulsepatchio
13 Mar 2026
🚨 Critical Vulnerabilities exist in Mattermost (CVE-2025-12421, CVE-2025-12419) - please see the @ncsc_gov_ie advisory for further info: https://t.co/7a1MBkog4L
@ncsc_gov_ie
28 Nov 2025
Warning: Two Critical Account Takeover flaws in Mattermost! #CVE-2025-12421 and #CVE-2025-12419, CVSS 9.9. These allow an authenticated attacker to perform full account takeover! #Patch #Patch #Patch More info: https://t.co/4mDcbZmfV7
@CCBalert
28 Nov 2025
CVE-2025-12419 OAuth State Token Bypass in Mattermost Enabling Unauthorized Account Takeover https://t.co/G258IstTaF
@VulmonFeeds
27 Nov 2025
[CVE-2025-12419: CRITICAL] Vulnerability in Mattermost versions 10.5.x to 10.12.1 allows attackers with admin privileges to take over user accounts during OAuth authentication. Update to patch the issue. #cve, CVE-2025-12419, #cybersecurity https://t.co/un3TDVE9Wb https://t.co/QmmYA
@CveFindCom
27 Nov 2025
CVE-2025-12419 Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect aut… https://t.co/r8DJzKiySh
@CVEnew
27 Nov 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "91D99F7F-B4EE-447C-9B77-82DD64B1D83A",
            "versionEndExcluding": "10.5.13",
            "versionStartIncluding": "10.5.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A8368192-621C-4043-827E-DB4F6946AD92",
            "versionEndExcluding": "10.11.5",
            "versionStartIncluding": "10.11.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ED48D731-6490-4DD5-94D4-EE4555BB93ED",
            "versionEndExcluding": "10.12.2",
            "versionStartIncluding": "10.12.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "387D98AD-59D7-4783-B0D2-E5CF2F7343B0",
            "versionEndExcluding": "11.0.4",
            "versionStartIncluding": "11.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]