Security Advisory

CVE-2025-54499

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-16 08:17:20

Last updated 2025-10-16 13:51:10

Assigner Mattermost

State PUBLISHED

Description

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets

← Browse all CVEs View on cve.org ↗