How severe is CVE-2025-2571?

CVE-2025-2571 has a CVSS v3 score of 4.2 (MEDIUM).

CVE-2025-2571

Name: mattermost_server
Author: mattermost

4.2MEDIUM

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to

Publicado: 5/30/2025Atualizado: 10/15/2025

Descrição

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.

Análise IADesenvolvido por IA

Produtos Afetados

mattermostmattermost_server

Referências

https://mattermost.com/security-updates
Vendor Advisory