VYPR
Moderate severityNVD Advisory· Published May 15, 2025· Updated May 15, 2025

Repeated LDAP login failures can lock an LDAP account

CVE-2025-31947

Description

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost/server/v8Go
>= 10.6.0, < 10.6.210.6.2
github.com/mattermost/mattermost/server/v8Go
>= 10.5.0, < 10.5.310.5.3
github.com/mattermost/mattermost/server/v8Go
>= 10.4.0, < 10.4.510.4.5
github.com/mattermost/mattermost/server/v8Go
>= 9.11.0, < 9.11.129.11.12
github.com/mattermost/mattermost/server/v8Go
< 8.0.0-20250415054241-76ab3867b7858.0.0-20250415054241-76ab3867b785

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.