How severe is CVE-2025-3230?

CVE-2025-3230 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2025-3230

Name: mattermost_server
Author: mattermost

5.4MEDIUM

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to ma

Veröffentlicht: 5/30/2025Aktualisiert: 10/15/2025

Beschreibung

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.

CVE-2025-3230

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to ma

Beschreibung

KI-AnalyseKI-gestützt

Betroffene Produkte

Referenzen