Vulnerability Database
299,751
Total vulnerabilities in the database
CVE-2025-9072
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.
| Software | From | Fixed in |
|---|---|---|
github.com/mattermost/mattermost-server
|
10.10.0 | 10.10.2 |
|
github.com/mattermost/mattermost-server
|
10.5.0 | 10.5.10 |
|
github.com/mattermost/mattermost-server
|
10.9.0 | 10.9.5 |
|
github.com/mattermost/mattermost/server/v8
|
- | 8.0.0-20250731063404-9eebaadf8f72 |
- https://github.com/mattermost/mattermost/commit/13cd76009d31754db46115bddef5287a8a29871a
- https://github.com/mattermost/mattermost/commit/9eebaadf8f720788e99b6997337c8df330271326
- https://github.com/mattermost/mattermost/commit/fda403fb6ec41bea8780bff198a26860f105e6e5
- https://mattermost.com/security-updates
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime