CVE-2025-58075

8.1 HIGH

📋 TL;DR

This vulnerability allows attackers to join any Mattermost team without proper authorization by manipulating RelayState parameters. Attackers can bypass team invitation restrictions and gain unauthorized access to teams. All Mattermost servers running affected versions are vulnerable.

💻 Affected Systems

Products:
  • Mattermost
Versions: 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10
Operating Systems: All platforms running Mattermost
Default Config Vulnerable: ⚠️ Yes
Notes: All Mattermost deployments with affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of team privacy and data confidentiality as attackers join any team, access sensitive communications, and potentially escalate privileges within the platform.

🟠 Likely Case

Unauthorized access to internal teams, exposure of sensitive business communications, and potential data leakage from private channels.

🟢 If Mitigated

Limited impact if teams contain only public information or if additional access controls monitor and restrict new member activities.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some user interaction but is technically simple once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.11.2, 10.10.3, 10.5.11 or later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Back up your Mattermost database and configuration.
2. Download the patched version from Mattermost downloads.
3. Stop the Mattermost service.
4. Install the patched version.
5. Restart the Mattermost service.
6. Verify the version is updated.

🔧 Temporary Workarounds

Disable team invitations (all)

Temporarily disable all team invitation functionality to prevent exploitation.

Update config.json: "EnableTeamCreation": false, "RestrictTeamInvite": "all"

🧯 If You Can't Patch

  • Implement network segmentation to restrict Mattermost access to trusted users only
  • Enable detailed audit logging and monitor for unauthorized team join attempts

🔍 How to Verify

Check if Vulnerable:

Check Mattermost version via System Console > About or run: mattermost version

Check Version:

mattermost version

Verify Fix Applied:

Verify version is 10.11.2+, 10.10.3+, or 10.5.11+ and test team invitation functionality
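The version check above can be scripted so it is applied consistently across many servers. The following is an added example, not code from the advisory or from Mattermost: it parses the X.Y.Z triple from whatever `mattermost version` (or the System Console) prints and compares it, branch by branch, against the affected and fixed versions listed on this page. The function names and the sample inputs are constructed for illustration; branches the advisory does not list (for example 10.6 through 10.9) are reported as "not_listed" rather than guessed at.

```python
"""Classify a Mattermost version against the CVE-2025-58075 ranges given in the advisory.

Added example (not from the advisory or Mattermost). Affected/fixed versions come
from the advisory; helper names and sample inputs are constructed.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Per-branch ranges from the advisory: last affected patch and first fixed patch.
AFFECTED_BRANCHES = {
    (10, 11): {"last_affected": (10, 11, 1), "fixed": (10, 11, 2)},
    (10, 10): {"last_affected": (10, 10, 2), "fixed": (10, 10, 3)},
    (10, 5):  {"last_affected": (10, 5, 10), "fixed": (10, 5, 11)},
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Extract the first X.Y.Z triple from text such as `mattermost version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Return 'vulnerable', 'fixed', 'not_listed' or 'unknown' for a version string.

    Comparison is done per release branch (major.minor), because each branch has
    its own fix release; a plain "is it below 10.11.2" test would wrongly mark
    10.10.3 and 10.5.11 as vulnerable.
    """
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    branch = (v[0], v[1])
    rng = AFFECTED_BRANCHES.get(branch)
    if rng is None:
        # The advisory only lists three branches; consult the vendor advisory for others.
        return "not_listed"
    if v <= rng["last_affected"]:
        return "vulnerable"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample outputs; in practice feed in `mattermost version` output.
    for sample in ["Version: 10.11.1", "10.11.2", "Mattermost 10.10.2 build 1234",
                   "10.5.11", "10.9.0", "no version here"]:
        print(f"{sample!r}: {assess(sample)}")
```

A "vulnerable" result means the server is on a listed branch at or below the last affected patch; "not_listed" means the branch is outside the three the advisory names, so the vendor advisory linked above is the authority for it.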

📡 Detection & Monitoring

Log Indicators:

  • Unexpected team join events
  • Team membership changes from unusual IPs
  • Multiple failed invitation attempts followed by successful join

Network Indicators:

  • Unusual patterns of POST requests to team invitation endpoints
  • Traffic containing manipulated RelayState parameters

SIEM Query:

source="mattermost" AND (event="team_join" OR event="user_added") | stats count by src_ip, user
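Two of the log indicators above ("multiple failed invitation attempts followed by successful join" and joins per source IP) can be checked offline against exported audit events. The following is an added example, not code from the advisory or from Mattermost: the event record shape (ts, user, src_ip, event, status) and the sample events are constructed for this example and do not reproduce Mattermost's actual audit log format, so map the field names to your own log source before use.

```python
"""Evaluate two CVE-2025-58075 log indicators over a list of audit events.

Added example (not from the advisory or Mattermost). The event field names and
the SAMPLE_EVENTS list are constructed for illustration only.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed sample events, not real Mattermost log output.
SAMPLE_EVENTS: List[Dict] = [
    {"ts": 1, "user": "alice", "src_ip": "10.0.0.5",    "event": "team_invite", "status": "fail"},
    {"ts": 2, "user": "alice", "src_ip": "10.0.0.5",    "event": "team_invite", "status": "fail"},
    {"ts": 3, "user": "alice", "src_ip": "10.0.0.5",    "event": "team_invite", "status": "fail"},
    {"ts": 4, "user": "alice", "src_ip": "10.0.0.5",    "event": "team_join",   "status": "success"},
    {"ts": 5, "user": "bob",   "src_ip": "10.0.0.9",    "event": "team_invite", "status": "fail"},
    {"ts": 6, "user": "bob",   "src_ip": "10.0.0.9",    "event": "team_join",   "status": "success"},
    {"ts": 7, "user": "carol", "src_ip": "203.0.113.7", "event": "team_join",   "status": "success"},
]


def failed_invites_then_join(events: List[Dict], threshold: int = 3) -> List[Dict]:
    """Return one record per successful team join that was preceded by at least
    `threshold` failed invitation events for the same user.

    Events are processed in timestamp order; the failure counter for a user is
    reset after each successful join so each join is judged on its own run-up.
    """
    failures = defaultdict(int)
    flagged = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user = e["user"]
        if e["event"] == "team_invite" and e["status"] == "fail":
            failures[user] += 1
        elif e["event"] == "team_join" and e["status"] == "success":
            if failures[user] >= threshold:
                flagged.append({"user": user, "src_ip": e["src_ip"],
                                "failed_invites": failures[user], "ts": e["ts"]})
            failures[user] = 0
    return flagged


def joins_by_ip(events: List[Dict]) -> Dict[str, int]:
    """Count successful team joins per source IP, the raw material for the
    'team membership changes from unusual IPs' indicator (compare against a
    baseline of known-good ranges in your own environment)."""
    counts = defaultdict(int)
    for e in events:
        if e["event"] == "team_join" and e["status"] == "success":
            counts[e["src_ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for hit in failed_invites_then_join(SAMPLE_EVENTS):
        print("suspicious join:", hit)
    print("joins by source IP:", joins_by_ip(SAMPLE_EVENTS))
```

The threshold of three failed invitations is an arbitrary starting point; tune it against your own baseline, and treat the per-IP counts as input to an allow-list comparison rather than as an alert on their own.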
