CVE-2025-12689

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to crash the Calls plugin in Mattermost by sending malformed WebSocket requests with improper UTF-8 formatting. Affected organizations are those running vulnerable Mattermost versions with the Calls plugin enabled.

💻 Affected Systems

Products:
  • Mattermost
Versions: 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6
Operating Systems: All platforms running Mattermost
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the Calls plugin enabled. The vulnerability is in the WebSocket handling code.
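As an added example, not code from Mattermost or the Calls plugin, the following Go handler shows the defensive pattern for the failure class described above: a WebSocket text frame is rejected up front if it is not well-formed UTF-8, and any panic raised while handling a frame is converted into an error so one malformed client message cannot take the handler down. The message shape, field names and sample frames are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"unicode/utf8"
)

// ErrInvalidUTF8 is returned for text frames that are not well-formed UTF-8.
var ErrInvalidUTF8 = errors.New("websocket text frame is not valid UTF-8")

// callsMessage is a hypothetical event payload shape used for this example;
// it is an assumption, not the plugin's real schema.
type callsMessage struct {
	Action    string          `json:"action"`
	ChannelID string          `json:"channel_id"`
	Data      json.RawMessage `json:"data"`
}

// handleFrame validates and decodes one incoming text frame. The explicit
// utf8.Valid check matters because encoding/json does not report invalid
// UTF-8 in strings; it silently substitutes U+FFFD, so without the check a
// malformed frame would pass straight into the rest of the handler.
func handleFrame(frame []byte) (msg *callsMessage, err error) {
	defer func() {
		if r := recover(); r != nil { // contain a crash to this one frame
			msg, err = nil, fmt.Errorf("recovered panic while handling frame: %v", r)
		}
	}()
	if !utf8.Valid(frame) {
		return nil, ErrInvalidUTF8
	}
	var m callsMessage
	if err := json.Unmarshal(frame, &m); err != nil {
		return nil, fmt.Errorf("decode frame: %w", err)
	}
	if m.Action == "" {
		return nil, errors.New("frame has no action")
	}
	return &m, nil
}

func main() {
	// Constructed sample frames: one well-formed, one carrying a truncated
	// multibyte sequence (0xE2 0x82 without its final byte).
	good := []byte(`{"action":"join","channel_id":"abc123","data":{}}`)
	bad := []byte("{\"action\":\"join\",\"channel_id\":\"\xe2\x82\",\"data\":{}}")
	for _, f := range [][]byte{good, bad} {
		m, err := handleFrame(f)
		fmt.Printf("msg=%+v err=%v\n", m, err)
	}
}
```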

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service for the Calls plugin functionality, disrupting voice/video communication capabilities for all users.

🟠

Likely Case

Temporary disruption of Calls plugin services requiring plugin restart or server reboot to restore functionality.

🟢

If Mitigated

No impact if the vulnerability is patched or if the Calls plugin is disabled.

🌐 Internet-Facing: HIGH if Mattermost instance is internet-facing and Calls plugin is enabled, as attackers can send malformed requests remotely.
🏢 Internal Only: MEDIUM for internal instances, as authenticated users or compromised internal systems could exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires sending malformed WebSocket requests, which is technically simple but requires understanding of the protocol and access to the WebSocket endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.0.5, 10.12.3, 10.11.7 or later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Backup your Mattermost instance.
2. Upgrade to Mattermost 11.0.5, 10.12.3, or 10.11.7 or later.
3. Restart the Mattermost service.
4. Verify the Calls plugin functions correctly.

🔧 Temporary Workarounds

Disable Calls Plugin

Platforms: all

Temporarily disable the Calls plugin to prevent exploitation while planning upgrade.

mmctl plugin disable com.mattermost.calls

Restrict WebSocket Access

Platforms: all

Implement network controls to restrict WebSocket connections to trusted sources only.

🧯 If You Can't Patch

  • Disable the Calls plugin immediately to eliminate the attack surface
  • Implement strict network segmentation and firewall rules to limit WebSocket access to authorized users only

🔍 How to Verify

Check if Vulnerable:

Check Mattermost version via System Console > About or run: mmctl version

Check Version:

mmctl version

Verify Fix Applied:

Verify version is 11.0.5+, 10.12.3+, or 10.11.7+ and test Calls plugin functionality

📡 Detection & Monitoring

Log Indicators:

  • WebSocket connection errors
  • Calls plugin crash logs
  • Unusual malformed request patterns in access logs

Network Indicators:

  • Abnormal WebSocket traffic patterns
  • Multiple malformed WebSocket requests to Calls endpoints

SIEM Query:

source="mattermost" AND ("WebSocket error" OR ("Calls plugin" AND (crash OR error)))

🔗 References
