Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-13324

Good to know:

icon
icon

Date: December 17, 2025

Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy (version 1) protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to authenticate as the remote cluster and perform limited actions on shared channels even after the invitation has been legitimately confirmed.

Severity Score

Related Resources (7)

https://nvd.nist.gov/vuln/detail/CVE-2025-13324
https://github.com/mattermost/mattermost/commit/364c2203de00fe0d8424b6b46d6f0eeb02a2539a
https://github.com/mattermost/mattermost/commit/9f54e5cdc3aef412945ff0e6a58338f7b549bdda
https://github.com/mattermost/mattermost
https://github.com/mattermost/mattermost/commit/7ccb62db7958abd6a4b21a06c5a4f5367a8f8b1f
https://mattermost.com/security-updates
https://www.mend.io/vulnerability-database/CVE-2025-13324

Severity Score

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

icon

Upgrade Version

Upgrade to version github.com/mattermost/mattermost - v10.11.6;github.com/mattermost/mattermost - v10.12.3;github.com/mattermost/mattermost - v11.0.5;github.com/mattermost/mattermost - v10.12.2;github.com/mattermost/mattermost - v10.11.5;github.com/mattermost/mattermost - v11.0.4;github.com/mattermost/mattermost/server/v8 - v8.0.0-20251031095924-e7e23b94e006;github.com/mattermost/mattermost-server - v11.0.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us