How severe is CVE-2025-2571?

CVE-2025-2571 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2025-2571

Name: mattermost_server
Author: mattermost

4.2MEDIUM

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to

Published: 5/30/2025Updated: 10/15/2025

Description

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.

AI AnalysisPowered by AI

Affected Products

mattermostmattermost_server

References

https://mattermost.com/security-updates
Vendor Advisory