Moderate severity · NVD Advisory · Published Nov 14, 2025 · Updated Nov 14, 2025

Lack of MFA enforcement in WebSocket connections

CVE-2025-55070

Description

Mattermost versions <11 fail to enforce multi-factor authentication on WebSocket connections, which allows unauthenticated users to access sensitive information via WebSocket events.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
| --- | --- | --- | --- |
| github.com/mattermost/mattermost-server | Go | < 11.1.0 | 11.1.0 |
| github.com/mattermost/mattermost/server/v8 | Go | < 8.0.0-20250912063506-7d8b7b5e4a60 | 8.0.0-20250912063506-7d8b7b5e4a60 |
