Multi-Factor Authentication Bypass in Mattermost by Authenticated Users
CVE-2025-30179

6.5MEDIUM

Key Information:

Vendor
Mattermost
Vendor
CVE Published:
21 March 2025

Summary

Certain versions of Mattermost are susceptible to a vulnerability that permits authenticated attackers to bypass multi-factor authentication (MFA) protections. This flaw primarily affects search APIs related to user, channel, and team searches. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive information without proper authentication measures in place.

Affected Version(s)

Mattermost 10.4.0 <= 10.4.2

Mattermost 10.3.0 <= 10.3.3

Mattermost 9.11.0 <= 9.11.8

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

A_osman123
.