GCVE-VVD-NCSC-2025-378

Advisory Published · CVSS 9.9/10
Vulnetix · Advisory published November 28, 2025
Mattermost versions 11.0.x up to 11.0.2, 10.12.x up to 10.12.1, 10.11.x up to 10.11.4, and 10.5.x up to 10.5.12 are vulnerable to account takeover via a crafted email address during authentication.

Weaknesses (CWE)

CWE-303: Incorrect Implementation of Authentication Algorithm

Risk Scores

CVSS 3.1
9.9/10
Critical · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor Product Versions Platforms
Mattermost vers:unknown/*
