CVE 9.9 CRITICAL

Account takeover on OAuth/OpenID-enabled servers_CVE-2025-12419

November 27, 2025 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation or admin privileges to take over any user account via manipulation of authentication data during the OAuth completion flow

AI Analysis

Account takeover vulnerability due to improper validation of OAuth state tokens during OpenID Connect authentication

Basic Information

ID CVE-2025-12419

Source Mattermost

Published Nov 27, 2025 at 15:55

Affected Product

Vendor Mattermost

Product Mattermost

Version 10.12.0

Affected Versions Mattermost Mattermost 10.12.0
Mattermost Mattermost 10.11.0
Mattermost Mattermost 10.5.0
Mattermost Mattermost 11.0.0

CWE Classification

CWE-303

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Mattermost

Product Mattermost

Version 10.12.1, 10.11.4, 10.5.12, 11.0.3

References

mattermost.com /security-updates

{
    "lastseen": "",
    "description": "Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation or admin privileges to take over any user account via manipulation of authentication data during the OAuth completion flow",
    "published": "2025-11-27T15:55:44.815Z",
    "modified": "2025-11-27T15:55:44.815Z",
    "type": "cve",
    "title": "Account takeover on OAuth/OpenID-enabled servers",
    "source": "Mattermost",
    "references": "https://mattermost.com/security-updates",
    "id": "CVE-2025-12419",
    "bulletinFamily": "",
    "cwe": [
        "CWE-303"
    ],
    "cvelist": null,
    "sourceData": "Mattermost Mattermost 10.12.0\nMattermost Mattermost 10.11.0\nMattermost Mattermost 10.5.0\nMattermost Mattermost 11.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mattermost",
    "version": "10.12.0",
    "vendor": "Mattermost",
    "ai_description": "Account takeover vulnerability due to improper validation of OAuth state tokens during OpenID Connect authentication",
    "ai_severity": "Critical",
    "ai_vendor": "Mattermost",
    "ai_product": "Mattermost",
    "ai_version": "10.12.1, 10.11.4, 10.5.12, 11.0.3",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply