CVE-2025-3230
CVSS base score: 5.4 (MEDIUM)
Published: 5/30/2025, Updated: 10/15/2025
Description
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, and 9.11.x <= 9.11.12 fail to invalidate personal access tokens when a user is deactivated. Because token validation does not check the owner's deactivation status, a deactivated user retains full system access simply by continuing to use tokens issued before the deactivation.
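The flaw is easiest to see as two validators side by side: one that checks only the token record, and one that also checks the owner's state. The following Go program is an added example written for this page, not Mattermost's own code; the `User`, `AccessToken` and `Store` types, the `tok-alice-1`/`tok-bob-1` sample data and the `DeleteAt == 0 means active` convention are assumptions made for the illustration. `auditOrphanedTokens` is the check an operator would want to run against a token table: active tokens whose owner is deactivated are exactly what an affected version leaves behind.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// User and AccessToken are simplified stand-ins for a chat server's user and
// personal-access-token records (constructed for this example, not Mattermost's
// own types). DeleteAt == 0 means active; non-zero is the deactivation time.
type User struct {
	ID       string
	Username string
	DeleteAt int64
}

type AccessToken struct {
	Token    string
	UserID   string
	IsActive bool // token-level enable flag; a revoked token is set to false
}

type Store struct {
	Users  map[string]*User
	Tokens map[string]*AccessToken
}

var (
	ErrInvalidToken = errors.New("invalid or revoked token")
	ErrUserInactive = errors.New("token owner is deactivated")
)

// validateVulnerable mirrors the behaviour the advisory describes: the token
// is looked up and its own active flag checked, but the owner's deactivation
// state is never consulted.
func validateVulnerable(s *Store, token string) (*User, error) {
	t, ok := s.Tokens[token]
	if !ok || !t.IsActive {
		return nil, ErrInvalidToken
	}
	u, ok := s.Users[t.UserID]
	if !ok {
		return nil, ErrInvalidToken
	}
	return u, nil
}

// validateFixed adds the missing check: a token is valid only while its owner
// is active. This also catches tokens that deactivation failed to revoke.
func validateFixed(s *Store, token string) (*User, error) {
	u, err := validateVulnerable(s, token)
	if err != nil {
		return nil, err
	}
	if u.DeleteAt != 0 {
		return nil, ErrUserInactive
	}
	return u, nil
}

// deactivateUser marks the user deleted. With revokeTokens=true it also
// disables every token the user owns, which is what deactivation should do;
// revokeTokens=false reproduces the flawed behaviour.
func deactivateUser(s *Store, userID string, revokeTokens bool) {
	u, ok := s.Users[userID]
	if !ok {
		return
	}
	u.DeleteAt = time.Now().UnixMilli()
	if !revokeTokens {
		return
	}
	for _, t := range s.Tokens {
		if t.UserID == userID {
			t.IsActive = false
		}
	}
}

// auditOrphanedTokens returns active tokens whose owner is deactivated: the
// condition an administrator should look for after running an affected version.
func auditOrphanedTokens(s *Store) []string {
	var out []string
	for tok, t := range s.Tokens {
		if u, ok := s.Users[t.UserID]; ok && t.IsActive && u.DeleteAt != 0 {
			out = append(out, tok)
		}
	}
	return out
}

// sampleStore builds constructed sample data: two active users, one token each.
func sampleStore() *Store {
	return &Store{
		Users: map[string]*User{
			"u1": {ID: "u1", Username: "alice"},
			"u2": {ID: "u2", Username: "bob"},
		},
		Tokens: map[string]*AccessToken{
			"tok-alice-1": {Token: "tok-alice-1", UserID: "u1", IsActive: true},
			"tok-bob-1":   {Token: "tok-bob-1", UserID: "u2", IsActive: true},
		},
	}
}

func main() {
	s := sampleStore()
	deactivateUser(s, "u1", false) // flawed path: user gone, token untouched
	_, err := validateVulnerable(s, "tok-alice-1")
	fmt.Println("vulnerable validator after deactivation:", err)
	_, err = validateFixed(s, "tok-alice-1")
	fmt.Println("fixed validator after deactivation:", err)
	fmt.Println("orphaned tokens:", auditOrphanedTokens(s))
}
```

Both halves of the fix matter: revoking tokens at deactivation time closes the window for tokens already issued, and checking the owner's state at validation time protects against any path that marks a user inactive without going through that revocation.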
Affected Products
- mattermost / mattermost_server (four affected version ranges; see the description above)
References
- https://mattermost.com/security-updates (Vendor Advisory)