CVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data to bypass email-based team access restrictions
Vendor
Product
CWE
Yayın Tarihi
2025-10-16 09:15:33
Güncelleme
2025-10-21 18:00:54
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-