Moderate severity · NVD Advisory · Published Nov 14, 2025 · Updated Nov 14, 2025
Lack of MFA enforcement in WebSocket connections
CVE-2025-55070
Description
Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections, which allows unauthenticated users to access sensitive information via WebSocket events.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost-server (Go) | < 11.1.0 | 11.1.0 |
| github.com/mattermost/mattermost/server/v8 (Go) | < 8.0.0-20250912063506-7d8b7b5e4a60 | 8.0.0-20250912063506-7d8b7b5e4a60 |
Affected products
- ghsa-coords (2 versions): pkg:golang/github.com/mattermost/mattermost-server, pkg:golang/github.com/mattermost/mattermost/server/v8
- (no CPE) range: < 11.1.0
- (no CPE) range: < 8.0.0-20250912063506-7d8b7b5e4a60
- Range: <11