CVE-2025-12421

Critical | Medium Risk | Patched

Mattermost Authentication Bypass

CVSS Score

9.9

Severity

Critical

Available Package Updates

Go: github.com/mattermost/mattermost/server/v8 v8.0.0-20251022210333-acda1fb5dd46
Go: github.com/mattermost/mattermost-server v11.0.3

Fixed in: github.com/mattermost/mattermost/server/v8 (Go): 8.0.0-20251022210333-acda1fb5dd46; github.com/mattermost/mattermost-server (Go): 11.0.3

Exploit Intelligence

Weaponized

No

Detectable

Yes

CISA KEV

Not Listed

Risk Level

Medium Risk

Detection Sources

osv

Published: 11/27/2025