CVE-2025-13324
PUBLISHED
CVSS 3.7 LOW
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation
EPSS 0.03% · 10.5th percentile
Risk Scores
CVSS v3.1
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.03%
10.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | mattermost/mattermost-server | 0 |
| github.com | mattermost/mattermost | 11.0.0-alpha.1, 10.12.0, 10.11.0-rc1 |
| mattermost | mattermost_server | 11.0.0, 10.12.0, 10.11.0 |
| github.com | mattermost/mattermost/server/v8 | 0 |
| Mattermost | Mattermost | 11.0.5, 10.11.0, 10.12.3 |
Timeline
- Dec 17, 2025 CVE Published
- Dec 18, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 26, 2025 CVE Updated
- Dec 30, 2025 EPSS Score
- Jan 2, 2026 EPSS Score
- Jan 6, 2026 EPSS Score
- Jan 10, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
References
- https://mattermost.com/security-updates (url)
- https://nvd.nist.gov/vuln/detail/CVE-2025-13324 (advisory)
- https://github.com/mattermost/mattermost/commit/364c2203de00fe0d8424b6b46d6f0eeb02a2539a (url)
- https://github.com/mattermost/mattermost/commit/7ccb62db7958abd6a4b21a06c5a4f5367a8f8b1f (url)
- https://github.com/mattermost/mattermost/commit/9f54e5cdc3aef412945ff0e6a58338f7b549bdda (url)
- https://github.com/mattermost/mattermost (package)