icon

We found results for “

CVE-2025-9072

Good to know:

icon
icon

Date: September 15, 2025

Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.

Severity Score

Severity Score

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

icon

Upgrade Version

Upgrade to version github.com/mattermost/mattermost - v10.5.10;github.com/mattermost/mattermost - v10.9.5;github.com/mattermost/mattermost - v10.10.2;github.com/mattermost/mattermost-server - v10.10.2;github.com/mattermost/mattermost-server - v10.5.10;github.com/mattermost/mattermost-server - v10.9.5;github.com/mattermost/mattermost/server/v8 - v8.0.0-20250731063404-9eebaadf8f72

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): LOW

Do you need more information?

Contact Us