CVE-2025-59480
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses
Vendor
Product
CWE
Yayın Tarihi
2025-11-13 18:15:50
Güncelleme
2026-01-21 19:37:37
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-