NuytsTech Security

CVE-2025-3230

by ·

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens. Assigner : responsibledisclosure@mattermost.com More information : https://mattermost.com/security-updates

Tags: