{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6227", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2025-06-18T10:41:49.989Z", "datePublished": "2025-07-18T11:39:46.005Z", "dateUpdated": "2025-07-18T13:44:00.998Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "10.5.7", "status": "affected", "version": "10.5.0", "versionType": "semver"}, {"lessThanOrEqual": "9.11.16", "status": "affected", "version": "9.11.0", "versionType": "semver"}, {"version": "10.9.0", "status": "unaffected"}, {"version": "10.5.8", "status": "unaffected"}, {"version": "9.11.17", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Miguel de la Cruz"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API."}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "LOW", "baseScore": 2.2}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-522: Insufficiently Protected Credentials", "cweId": "CWE-522"}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"value": "Update Mattermost to versions 10.9.0, 10.5.8, 9.11.17 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00474", "defect": ["https://mattermost.atlassian.net/browse/MM-63931"], "discovery": "EXTERNAL"}, "title": "Invite token is used as part of the secure communication", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-07-18T11:39:46.005Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T13:43:55.354516Z", "id": "CVE-2025-6227", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T13:44:00.998Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6227", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-18T13:43:55.354516Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T13:43:58.146Z"}}], "cna": {"title": "Invite token is used as part of the secure communication", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-63931"], "advisory": "MMSA-2025-00474", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Miguel de la Cruz"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "10.5.0", "versionType": "semver", "lessThanOrEqual": "10.5.7"}, {"status": "affected", "version": "9.11.0", "versionType": "semver", "lessThanOrEqual": "9.11.16"}, {"status": "unaffected", "version": "10.9.0"}, {"status": "unaffected", "version": "10.5.8"}, {"status": "unaffected", "version": "9.11.17"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 10.9.0, 10.5.8, 9.11.17 or higher."}], "references": [{"url": "https://mattermost.com/security-updates"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-07-18T11:39:46.005Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6227", "state": "PUBLISHED", "dateUpdated": "2025-07-18T13:44:00.998Z", "dateReserved": "2025-06-18T10:41:49.989Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2025-07-18T11:39:46.005Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F117291-CF45-4790-8BEB-E51DB0BAEF82", "versionEndExcluding": "9.11.17", "versionStartIncluding": "9.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "86CE4B65-61C3-4994-88AB-06AC79F92965", "versionEndExcluding": "10.5.8", "versionStartIncluding": "10.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API."}, {"lang": "es", "value": "Las versiones de Mattermost 10.5.x &lt;= 10.5.7, 9.11.x &lt;= 9.11.16 no pueden negociar un nuevo token al aceptar la invitaci\u00f3n, lo que permite que un usuario que intercepta tanto la invitaci\u00f3n como la contrase\u00f1a env\u00ede payloads de sincronizaci\u00f3n al servidor que cre\u00f3 originalmente la invitaci\u00f3n a trav\u00e9s de la API REST."}], "id": "CVE-2025-6227", "lastModified": "2025-10-14T14:32:24.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-18T12:15:23.843", "references": [{"source": "responsibledisclosure@mattermost.com", "tags": ["Vendor Advisory"], "url": "https://mattermost.com/security-updates"}], "sourceIdentifier": "responsibledisclosure@mattermost.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "responsibledisclosure@mattermost.com", "type": "Secondary"}]}

{}

{"created": "2025-07-21T15:17:09.248288+00:00", "updated": "2025-07-21T15:17:09.248369+00:00", "vendors": ["mattermost", "mattermost$PRODUCT$mattermost"]}