CVE-2025-9072
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.
Vendor
Product
CWE
Yayın Tarihi
2025-09-15 11:15:34
Güncelleme
2025-09-16 16:00:26
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-