How severe is CVE-2025-3230?

CVE-2025-3230 has a CVSS v3 score of 5.4 (MEDIUM).

CVE-2025-3230

Name: mattermost_server
Author: mattermost

5.4MEDIUM

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to ma

Published: 5/30/2025Updated: 10/15/2025

Description

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.

AI AnalysisPowered by AI

Affected Products

mattermostmattermost_server

References

https://mattermost.com/security-updates
Vendor Advisory