CVE-2025-9084
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-16
Assigner: Mattermost, Inc.
Description
Description
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | mattermost_server | From 10.5.0 (inc) to 10.5.10 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Mattermost versions 10.5.x up to 10.5.9 have a vulnerability where they do not properly validate redirect URLs during OAuth login. This flaw allows attackers to craft malicious OAuth login URLs that redirect users to harmful websites.
How can this vulnerability impact me? :
This vulnerability can lead users to be redirected to malicious sites, potentially exposing them to phishing attacks or other harmful activities. Although it does not directly compromise confidentiality or availability, it can lead to limited integrity issues by misleading users.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70