CVE-2025-62690
MEDIUM WAF: Medium
CVSS 6.1
Published: 2025-12-17
CWE-601
Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mattermost | mattermost_server | 10.11.0 - 10.11.5 |
References
- mattermost.com (Vendor Advisory)