CVE-2025-12421
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-27

Last updated on: 2025-12-03

Assigner: Mattermost, Inc.

Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-27
Last Modified
2025-12-03
Generated
2026-06-16
AI Q&A
2025-11-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12421
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
mattermost mattermost_server From 10.5.0 (inc) to 10.5.13 (exc)
mattermost mattermost_server From 10.11.0 (inc) to 10.11.5 (exc)
mattermost mattermost_server From 10.12.0 (inc) to 10.12.2 (exc)
mattermost mattermost_server From 11.0.0 (inc) to 11.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-303 The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Mattermost versions up to 11.0.2 and certain 10.x versions occurs because the system fails to verify that the token used during the code exchange is from the same authentication flow. This flaw allows an authenticated user to take over another user's account by using a specially crafted email address when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires the ExperimentalEnableAuthenticationTransfer setting to be enabled and the RequireEmailVerification setting to be disabled.

Impact Analysis

This vulnerability can lead to a complete account takeover by an authenticated user, potentially allowing unauthorized access to sensitive information, impersonation of other users, and full control over the affected accounts. Given the high CVSS score of 9.9, the impact includes confidentiality, integrity, and availability being severely compromised.

Mitigation Strategies

To mitigate this vulnerability, ensure that the ExperimentalEnableAuthenticationTransfer setting is disabled or verify that RequireEmailVerification is enabled. Additionally, upgrade Mattermost to a version later than 11.0.2, 10.12.1, 10.11.4, or 10.5.12 as applicable to your version series.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12421. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart