CVE-2025-2475

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-2475

Severity

Unknown

Description

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials.

References

https://images.chainguard.dev/security/CGA-mfm7-mj45-93vq
https://github.com/advisories/GHSA-6rqh-8465-2xcw
https://images.chainguard.dev/security/CGA-fg43-88jm-jqgg
https://images.chainguard.dev/security/CGA-7r3g-phgv-g4cx
https://images.chainguard.dev/security/CGA-99x9-fwq6-mx5v
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal