OAuth Authorization Flaw in Mattermost Plugin Affects Multiple Versions
CVE-2025-55073

5.4 MEDIUM

Key Information:

Vendor

Mattermost

CVE Published:
14 November 2025

What is CVE-2025-55073?

Mattermost versions 10.11.x up to 10.11.3, 10.5.x up to 10.5.11 and 10.12.x up to 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin's OAuth flow. An authenticated, low-privileged user can therefore supply a crafted OAuth redirect URL and have the plugin edit arbitrary posts, breaking the integrity of post updates (no confidentiality or availability impact is recorded for this issue).
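The kind of check the description points at, shown as an added illustration that is not Mattermost or MSTeams plugin code: a toy OAuth callback that binds the one-time state token to the user who began the flow and to the single post that flow may edit. The vulnerable form verifies only the state and then trusts whatever post ID arrives in the redirect URL; the hardened form refuses to touch any post other than the bound one, or to act for any user other than the one who began the flow. All identifiers (OAuthHandler, PostStore, the post IDs and user names) are assumptions made up for the example, and the sample posts are constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// Errors returned by the callback handlers (names are assumptions for this example).
var (
	ErrBadState     = errors.New("unknown or already-consumed oauth state")
	ErrUserMismatch = errors.New("callback user differs from the user who began the flow")
	ErrPostMismatch = errors.New("post_id in redirect URL does not match the post bound to this flow")
	ErrNoSuchPost   = errors.New("no such post")
)

// oauthState is what the server remembers for one in-flight OAuth flow:
// who started it and the single post that flow is allowed to update.
type oauthState struct {
	UserID string
	PostID string
}

// PostStore is a constructed in-memory stand-in for the post table.
type PostStore struct {
	mu    sync.Mutex
	posts map[string]string // post ID -> message
}

func NewPostStore(seed map[string]string) *PostStore { return &PostStore{posts: seed} }

func (ps *PostStore) Get(id string) string {
	ps.mu.Lock()
	defer ps.mu.Unlock()
	return ps.posts[id]
}

func (ps *PostStore) update(id, msg string) error {
	ps.mu.Lock()
	defer ps.mu.Unlock()
	if _, ok := ps.posts[id]; !ok {
		return ErrNoSuchPost
	}
	ps.posts[id] = msg
	return nil
}

// OAuthHandler holds one-time state tokens for in-flight flows.
type OAuthHandler struct {
	mu     sync.Mutex
	states map[string]oauthState
	posts  *PostStore
}

func NewOAuthHandler(ps *PostStore) *OAuthHandler {
	return &OAuthHandler{states: map[string]oauthState{}, posts: ps}
}

// Begin mints a random state token and binds it to (userID, postID). A real
// handler would place the token in the authorize URL's state parameter.
func (h *OAuthHandler) Begin(userID, postID string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	h.mu.Lock()
	h.states[tok] = oauthState{UserID: userID, PostID: postID}
	h.mu.Unlock()
	return tok, nil
}

// consume looks up and deletes a state token so it can be used only once.
func (h *OAuthHandler) consume(state string) (oauthState, bool) {
	h.mu.Lock()
	defer h.mu.Unlock()
	st, ok := h.states[state]
	delete(h.states, state)
	return st, ok
}

// CallbackVulnerable shows the flaw class the advisory describes: the state is
// checked, but the post to edit is taken from the redirect URL unverified, so
// any post ID placed there gets edited.
func (h *OAuthHandler) CallbackVulnerable(state, callbackUserID, redirectPostID, newMsg string) error {
	if _, ok := h.consume(state); !ok {
		return ErrBadState
	}
	return h.posts.update(redirectPostID, newMsg)
}

// CallbackHardened acts only if the redirect's post ID and the calling user
// both match what was bound when the flow began, and edits the bound post.
func (h *OAuthHandler) CallbackHardened(state, callbackUserID, redirectPostID, newMsg string) error {
	st, ok := h.consume(state)
	if !ok {
		return ErrBadState
	}
	if st.UserID != callbackUserID {
		return ErrUserMismatch
	}
	if st.PostID != redirectPostID {
		return ErrPostMismatch
	}
	return h.posts.update(st.PostID, newMsg)
}

func main() {
	ps := NewPostStore(map[string]string{"p1": "alice: connecting...", "p2": "bob: hello"})
	h := NewOAuthHandler(ps)
	tok, _ := h.Begin("alice", "p1")
	fmt.Println("vulnerable:", h.CallbackVulnerable(tok, "alice", "p2", "edited"), ps.Get("p2"))
	tok, _ = h.Begin("alice", "p1")
	fmt.Println("hardened:", h.CallbackHardened(tok, "alice", "p2", "edited"), ps.Get("p2"))
}
```

The point of the hardened version is that the callback never derives the target post from attacker-controlled URL input; it takes the post from the server-side binding created at Begin, and the one-time state token is the only thing the redirect needs to carry. Consuming the token on first use also stops a captured redirect from being replayed.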

Affected Version(s)

Mattermost 10.11.0 through 10.11.3

Mattermost 10.5.0 through 10.5.11

Mattermost 10.12.0

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Credit

Juho Forsén