VYPR
Low severityOSV Advisory· Published Dec 17, 2025· Updated Dec 17, 2025

Open redirect in error page when link opened in new tab

CVE-2025-62690

Description

Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/mattermost/mattermost/server/v8Go
>= 8.0.0-20250721062209-4952acea88ce, < 8.0.0-20251016131338-dad6bd7a15098.0.0-20251016131338-dad6bd7a1509
github.com/mattermost/mattermostGo
>= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a150910.11.5-0.20251016131338-dad6bd7a1509
github.com/mattermost/mattermostGo
>= 11.0.0-alpha.1, < 11.1.011.1.0

Affected products

4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.