- Description
- Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
- Source
- responsibledisclosure@mattermost.com
- NVD status
- Analyzed
- Products
- mattermost_server
- CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- responsibledisclosure@mattermost.com
- CWE-303
- Hype score
- Not currently trending
🚨 Critical Vulnerabilities exist in Mattermost (CVE-2025-12421, CVE-2025-12419) - please see the @ncsc_gov_ie advisory for further info: https://t.co/7a1MBkog4L
@ncsc_gov_ie
28 Nov 2025
520 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
Warning: Two Critical Account Takeover flaws in Mattermost! #CVE-2025-12421 and #CVE-2025-12419, CVSS 9.9. These allow an authenticated attacker to perform full account takeover! #Patch #Patch #Patch More info: https://t.co/4mDcbZmfV7
@CCBalert
28 Nov 2025
232 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-12421: CRITICAL] Critical cyber security flaw in Mattermost versions 10.5.x to 11.0.2 allows account takeover via crafted email address. Update now to protect your data! #cve, CVE-2025-12421, #cybersecurity https://t.co/VWNy8lqlrX https://t.co/68fCMow2na
@CveFindCom
27 Nov 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mattermost CVE-2025-12421: Critical SSO Flaw
A critical SSO code exchange bug in Mattermost lets attackers take over accounts. Patch ASAP to secure your teams. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #SSO https://t.co/w75SSTybla
@ZeroPathLabs
27 Nov 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12421 Authentication Bypass Vulnerability in Mattermost Enabling Account Takeover https://t.co/o43wbEMx7E
@VulmonFeeds
27 Nov 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12421 Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange origina… https://t.co/ugDlLgCHWb
@CVEnew
27 Nov 2025
288 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D99F7F-B4EE-447C-9B77-82DD64B1D83A",
"versionEndExcluding": "10.5.13",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8368192-621C-4043-827E-DB4F6946AD92",
"versionEndExcluding": "10.11.5",
"versionStartIncluding": "10.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED48D731-6490-4DD5-94D4-EE4555BB93ED",
"versionEndExcluding": "10.12.2",
"versionStartIncluding": "10.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A288B87-76F2-415B-8462-3D185EB7A9B3",
"versionEndExcluding": "11.0.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]