CVE-2025-55070

Publication date

2025-11-14 08:02:24

Family

Mattermost

State

PUBLISHED

Description

Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events