WebSocket Vulnerability in Mattermost by Mattermost Inc.
CVE-2025-55070

6.5MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 14 November 2025

What is CVE-2025-55070?

A significant vulnerability exists in Mattermost versions prior to 11, where the multi-factor authentication mechanism is not enforced on WebSocket connections. This oversight allows unauthenticated users to gain access to sensitive information through WebSocket events, posing a considerable security risk. It is crucial for users to upgrade to the latest version to mitigate this vulnerability and protect their data.

Affected Version(s)

Mattermost <11 <= 11

Mattermost 11.0.0

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2025
Vulnerability Reserved
Oct 15, 2025

Credit

Agniva De Sarker

JSON