Security Advisory

CVE-2025-55073

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2025-11-14 08:03:16
Last updated: 2025-11-14 15:46:58
Assigner: Mattermost
State: PUBLISHED

Description

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, and 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow, which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL.