CVE-2025-9084

MEDIUM WAF: Medium

CVSS 6.1 Published: 2025-09-15

CWE-601

Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs

WAF Coverage Analysis

Open Redirect Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
mattermost	mattermost_server	10.5.0 - 10.5.10

References

mattermost.com (Vendor Advisory)

Back to CVE Database