Low severity · OSV Advisory · Published Dec 17, 2025 · Updated Dec 17, 2025
Open redirect in error page when link opened in new tab
CVE-2025-62690
Description
Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.
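The description above concerns a `returnTo` value on the /error page that was used without validation. The following is an added example, not Mattermost's code and not how the project derives its validated value: one way to restrict such a parameter to same-origin paths. The names `safeReturnTo`, `returnToFromQuery` and `PARSE_BASE`, and the `app.invalid` origin, are hypothetical.

```typescript
// Added example (not Mattermost code): accept a returnTo value only when it
// resolves to a path on the application's own origin.

// Placeholder origin, used only as a parsing base (assumption for this example).
const PARSE_BASE = 'https://app.invalid';

function safeReturnTo(raw: string | null, fallback: string = '/'): string {
    if (!raw) {
        return fallback; // parameter absent or empty
    }
    // Require a rooted path. Browsers treat "//host" and "/\host" as
    // scheme-relative URLs, so both leave the origin.
    if (!raw.startsWith('/') || raw.startsWith('//') || raw.startsWith('/\\')) {
        return fallback;
    }
    // URL parsers strip tabs and newlines, which would turn "/<TAB>/host"
    // into "//host"; reject control characters outright.
    if (/[\u0000-\u001f\u007f]/.test(raw)) {
        return fallback;
    }
    let parsed: URL;
    try {
        parsed = new URL(raw, PARSE_BASE);
    } catch {
        return fallback;
    }
    // Final check: after resolution the origin must be unchanged.
    if (parsed.origin !== PARSE_BASE) {
        return fallback;
    }
    // Rebuild from parsed components so only path, query and fragment survive.
    return parsed.pathname + parsed.search + parsed.hash;
}

// Reads returnTo from a query string and returns a value safe to pass to a
// router link; anything rejected collapses to the fallback.
function returnToFromQuery(query: string, fallback: string = '/'): string {
    return safeReturnTo(new URLSearchParams(query).get('returnTo'), fallback);
}
```

The query strings used to exercise it are constructed samples; a rejected value falls back to `/` rather than raising, so the back link always has a usable target.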
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 (Go) | >= 8.0.0-20250721062209-4952acea88ce, < 8.0.0-20251016131338-dad6bd7a1509 | 8.0.0-20251016131338-dad6bd7a1509 |
| github.com/mattermost/mattermost (Go) | >= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a1509 | 10.11.5-0.20251016131338-dad6bd7a1509 |
| github.com/mattermost/mattermost (Go) | >= 11.0.0-alpha.1, < 11.1.0 | 11.1.0 |
Affected products
- Range: @mattermost/client@10.11.0, @mattermost/types@10.11.0, mattermost-redux@10.11.0, …
Patches
dad6bd7a1509: Use validated redirectTo in error page (#34073) (#34169)
1 file changed · +1 −1
webapp/channels/src/components/error_page/error_page.tsx+1 −1 modified@@ -98,7 +98,7 @@ export default class ErrorPage extends React.PureComponent<Props> { ); } else if (type === ErrorPageTypes.CHANNEL_NOT_FOUND) { backButton = ( - <Link to={params.get('returnTo') as string}> + <Link to={returnTo}> <FormattedMessage id='error.channelNotFound.link' defaultMessage='Back to {defaultChannelName}'
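Review bot: in the CHANNEL_NOT_FOUND branch, `<Link to={returnTo}>` depends on a `returnTo` variable whose derivation and validation sit outside this hunk's context, so the fix cannot be confirmed from these lines alone. Please point to where `returnTo` is computed and confirm it is always a same-origin path with a defined fallback, since the removed `params.get('returnTo') as string` cast also hid the `null` case when the parameter is absent. It is also worth checking that no other branch of `ErrorPage` still reads `params.get('returnTo')` directly. The change touches one file with no test, so a regression test that renders this branch with an absolute-URL `returnTo` would help pin the behaviour.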