VDB
CVE-2025-12689
CVE-2025-12689
PUBLISHED
CVSS 8.699999809265137 HIGH
Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in
EPSS 0.09% · 25.7th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.09%
25.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mattermost | Mattermost | 10.11.0, 11.1.0, 11.0.0 |
| mattermost | mattermost_server | 10.12.0, 10.11.0, 10.11.0 |
| github.com | mattermost/mattermost-plugin-calls | 0, 0, 0 |
Timeline
- Dec 17, 2025 CVE Published
- Dec 18, 2025 EPSS Score
- Dec 20, 2025 CVE Updated
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 6, 2026 EPSS Score
- Jan 10, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
- Jan 16, 2026 PoC Published
- Jan 18, 2026 EPSS Score
References
- https://mattermost.com/security-updates/ advisory
- https://mattermost.com/security-updates advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-12689 advisory
- https://github.com/mattermost/mattermost-plugin-calls/commit/f68b41980e1274e05cf91c687e2af1a73c5e36ca url
- https://github.com/mattermost/mattermost package