Security Advisory

CVE-2025-59480

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2025-11-13 17:32:04
Last updated: 2025-11-13 18:02:26
Assigner: Mattermost
State: PUBLISHED

Description

Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses.