Identity Validation Flaw in Mattermost Affects GitHub Plugin Functionality
CVE-2025-13352

3LOW

Key Information:

Vendor

Mattermost
Status
Mattermost
Vendor
CVE Published:
17 December 2025

What is CVE-2025-13352?

Certain versions of Mattermost and its GitHub plugin are susceptible to an identity validation flaw which compromises the integrity of the reaction forwarding feature. This vulnerability permits attackers to exploit the system by manipulating crafted notification posts. As a result, users may inadvertently add reactions to arbitrary GitHub objects, posing potential risks to the security and authenticity of user interactions within the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mattermost 10.11.0 <= 10.11.6

Mattermost 11.1.0

Mattermost 10.11.7

References

https://mattermost.com/security-updates

CVSS V3.1

Score:
3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Juho Forsén
JSON
.