CVE-2025-62690 — Vulnetix

CVE-2025-62690 PUBLISHED CVSS 6.099999904632568 MEDIUM

Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.

EPSS 0.03% · 10.0th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.03%

10.0th percentile

Affected Products

Vendor	Product	Versions
mattermost	mattermost_server	10.11.0
Mattermost	Mattermost	10.11.0, 10.11.5, 11.1.0
github.com	mattermost/mattermost	10.11.0-rc1, 11.0.0-alpha.1
github.com	mattermost/mattermost/server/v8	8.0.0-20250721062209-4952acea88ce

Timeline

Nov 17, 2025 CVE ID Reserved
Dec 17, 2025 CVE Published
Dec 17, 2025 PoC Published
Dec 18, 2025 CVE Updated
Dec 18, 2025 EPSS Score
Dec 22, 2025 EPSS Score
Dec 26, 2025 EPSS Score
Dec 30, 2025 EPSS Score
Jan 2, 2026 EPSS Score
Jan 6, 2026 EPSS Score
Jan 10, 2026 EPSS Score
Jan 14, 2026 EPSS Score

References

https://mattermost.com/security-updates url
https://nvd.nist.gov/vuln/detail/CVE-2025-62690 advisory
https://github.com/mattermost/mattermost/commit/dad6bd7a1509054580a0898bbc0e026aac3b30cb url
https://github.com/mattermost/mattermost package

Open in Interactive Console →