CVE-2025-9084

Summary

Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost10.5.0 <= 10.5.9affected
MattermostMattermost10.11.0unaffected
MattermostMattermost10.5.10unaffected

Weaknesses

  • CWE-601: CWE‑601: URL Redirection to Untrusted Site (“Open Redirect”)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References