Multi-Factor Authentication Bypass in Mattermost by Authenticated Users
CVE-2025-30179

6.5MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 21 March 2025

Summary

Certain versions of Mattermost are susceptible to a vulnerability that permits authenticated attackers to bypass multi-factor authentication (MFA) protections. This flaw primarily affects search APIs related to user, channel, and team searches. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive information without proper authentication measures in place.

Affected Version(s)

Mattermost 10.4.0 <= 10.4.2

Mattermost 10.3.0 <= 10.3.3

Mattermost 9.11.0 <= 9.11.8

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2025
Vulnerability Reserved
Mar 20, 2025

Credit

A_osman123