2 matches found
CVE-2025-2475
Mattermost CVE-2025-2475 affects servers 9.11.x up to 9.11.9, 10.4.x up to 10.4.3, and 10.5.x up to 10.5.1. The root cause is a failure to invalidate the cache when a user account is converted to a bot, enabling an attacker to log in to the bot exactly once using normal credentials. The available...
CVE-2025-2475 Unauthorized Bot Login Using Credentials
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials...