2 matches found
CVE-2025-25068
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...
CVE-2025-30179
Mattermost CVE-2025-30179 affects Mattermost Server: MFA is not enforced on certain search APIs, allowing authenticated users to bypass MFA via user, channel, or team search. Affected lines are Mattermost Server 9.11.x ≤ 9.11.8, 10.3.x ≤ 10.3.3, and 10.4.x ≤ 10.4.2. Remediation per advisories is ...