CVE-2025-62690

3.1 LOW

📋 TL;DR

Mattermost versions 10.11.4 and earlier contain an open redirect vulnerability on the /error page. An attacker can craft a malicious link that redirects victims to arbitrary websites when opened in a new tab. This affects all Mattermost deployments running vulnerable versions.

💻 Affected Systems

Products:
  • Mattermost
Versions: 10.11.x <= 10.11.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Mattermost deployments with affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.

🟠 Likely Case

Phishing attacks where users are tricked into visiting malicious sites that appear legitimate because the initial URL carries the Mattermost domain.

🟢 If Mitigated

Limited impact with proper user awareness training and browser security controls that warn about suspicious redirects.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking a crafted link) but no authentication to Mattermost.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.11.5 or later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Back up your Mattermost installation and database.
2. Download Mattermost version 10.11.5 or later from the official website.
3. Stop the Mattermost service.
4. Replace the installation with the patched version.
5. Restart the Mattermost service.
6. Verify the upgrade was successful.

🔧 Temporary Workarounds

User Awareness Training
Applies to: all

Educate users about phishing risks and not clicking suspicious links, especially those that open in new tabs.

Browser Security Controls
Applies to: all

Enable browser security features that warn about or block suspicious redirects.

🧯 If You Can't Patch

  • Implement web application firewall rules to block suspicious redirect patterns from the /error endpoint.
  • Monitor for unusual redirect activity in Mattermost access logs.

🔍 How to Verify

Check if Vulnerable:

Check Mattermost version via System Console > About or run: grep -i version /opt/mattermost/config/config.json

Check Version:

grep -i version /opt/mattermost/config/config.json

Verify Fix Applied:

Confirm version is 10.11.5 or later and test that crafted redirect URLs to the /error page no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /error page with redirect parameters
  • Multiple failed redirect attempts from same IP

Network Indicators:

  • HTTP 302 redirects from Mattermost /error page to external domains

SIEM Query:

source="mattermost" AND url="/error" AND (status=302 OR redirect_to="*://*")
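As an added example (not code from the original page or from Mattermost), the indicators above run over constructed event records: a request to /error answered with a 302 whose target leaves the Mattermost origin, plus a count of repeat source IPs. The field names src_ip, url, status and redirect_to mirror the SIEM query and are assumptions, as is the site host chat.example.com.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed Mattermost site host; replace with your own deployment's hostname.
OWN_HOST = "chat.example.com"

# Constructed sample events (hypothetical field names mirroring the SIEM query:
# src_ip, url, status, redirect_to). Not real Mattermost or proxy log output.
SAMPLE_EVENTS = [
    {"src_ip": "203.0.113.10", "url": "/error", "status": 302, "redirect_to": "https://evil.example/login"},
    {"src_ip": "203.0.113.10", "url": "/error?type=x", "status": 302, "redirect_to": "//evil.example/"},
    {"src_ip": "203.0.113.10", "url": "/error", "status": 302, "redirect_to": "https://evil.example/x"},
    {"src_ip": "198.51.100.5", "url": "/error", "status": 200, "redirect_to": ""},
    {"src_ip": "198.51.100.7", "url": "/error", "status": 302, "redirect_to": "https://chat.example.com/login"},
    {"src_ip": "198.51.100.9", "url": "/api/v4/users/me", "status": 200, "redirect_to": ""},
]


def is_external(target, own_host=OWN_HOST):
    """True when a redirect target leaves the Mattermost origin (absolute or
    protocol-relative URL to another host; backslashes normalised like browsers do)."""
    if not target:
        return False
    parts = urlsplit(target.replace("\\", "/"))
    if not parts.netloc:
        return False  # plain relative path: stays on the site
    return (parts.hostname or "").lower() != own_host.lower()


def find_redirect_events(events, own_host=OWN_HOST):
    """Events matching the indicator: /error answered with a 302 to another domain."""
    return [
        ev for ev in events
        if ev.get("url", "").split("?", 1)[0] == "/error"
        and ev.get("status") == 302
        and is_external(ev.get("redirect_to", ""), own_host)
    ]


def repeat_offenders(hits, threshold=2):
    """Source IPs with at least `threshold` external redirects (the 'same IP' indicator)."""
    counts = Counter(ev["src_ip"] for ev in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = find_redirect_events(SAMPLE_EVENTS)
    for ev in hits:
        print(f"{ev['src_ip']} {ev['url']} -> {ev['redirect_to']}")
    print("repeat offenders:", repeat_offenders(hits))
```

A redirect back to the site's own host is deliberately not flagged, so legitimate post-error navigation does not generate noise.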
