CVE-2025-2571

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-2571

Severity

4.2

Medium

CVSS V3

Description

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.

References

https://images.chainguard.dev/security/CGA-qmv6-7gp2-hfc6
https://github.com/advisories/GHSA-8cgx-9ccj-3gwr
https://images.chainguard.dev/security/CGA-48m8-gjq3-7hwm
https://images.chainguard.dev/security/CGA-hrcg-3wv6-7jxm
https://images.chainguard.dev/security/CGA-rjq5-938m-xw22
https://images.chainguard.dev/security/CGA-vv57-jqw4-x9jm
https://mattermost.com/security-updates

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-2571

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company