Low severity · OSV Advisory · Published Dec 17, 2025 · Updated Dec 17, 2025
Open redirect in error page when link opened in new tab
CVE-2025-62690
Description
Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 (Go) | >= 8.0.0-20250721062209-4952acea88ce, < 8.0.0-20251016131338-dad6bd7a1509 | 8.0.0-20251016131338-dad6bd7a1509 |
| github.com/mattermost/mattermost (Go) | >= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a1509 | 10.11.5-0.20251016131338-dad6bd7a1509 |
| github.com/mattermost/mattermost (Go) | >= 11.0.0-alpha.1, < 11.1.0 | 11.1.0 |
Affected products (4)
- Range: @mattermost/client@10.11.0, @mattermost/types@10.11.0, mattermost-redux@10.11.0, …
- ghsa-coords (3 versions): pkg:golang/github.com/mattermost/mattermost, pkg:golang/github.com/mattermost/mattermost/server/v8, pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  >= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a1509 (+ 2 more)
- (no CPE) range: >= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a1509
- (no CPE) range: >= 8.0.0-20250721062209-4952acea88ce, < 8.0.0-20251016131338-dad6bd7a1509
- (no CPE) range: < 0.0.20260114T191543-150000.1.137.1