4 matches found
Authentication Bypass
litellm is vulnerable to Authentication Bypass. The vulnerability is due to weak cache key generation using only the first 20 characters of JWT tokens, which allows an attacker to craft a token with a matching prefix and gain unauthorized access by inheriting another user’s identity...
CVE-2025-9078
CVE-2025-9078 affects Mattermost server versions 9.11.x, 10.5.x, 10.8.x, 10.9.x, 10.10.x where cache key validation for link metadata is flawed due to FNV-1 hashing, enabling authenticated users to access posts they are not authorized to and to poison link previews. Root cause: improper validatio...
CVE-2025-9078 Weak cache keys lead to post IDOR and link preview poisoning
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing...
CVE-2025-9078 Weak cache keys lead to post IDOR and link preview poisoning
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to properly validate cache keys for link metadata which allows authenticated users to access unauthorized posts and poison link previews via hash collision attacks on FNV-1 hashing...