How severe is CVE-2025-2571?

CVE-2025-2571 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2025-2571

Name: mattermost_server
Author: mattermost

4.2MEDIUM

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to

Publicado: 5/30/2025Actualizado: 10/15/2025

Descripción

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.

Análisis IAImpulsado por IA

Productos Afectados

mattermostmattermost_server

Referencias

https://mattermost.com/security-updates
Vendor Advisory