Unrated severityNVD Advisory· Published Nov 13, 2025· Updated Nov 13, 2025
Inadequate validation of SSO redirect credentials permits credential theft
CVE-2025-59480
Description
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.32.0
- Range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.