High severity · NVD Advisory · Published Sep 15, 2025 · Updated Sep 15, 2025
One-Click Mattermost Account Takeover via Poisoned RelayState SAML Parameter
CVE-2025-9072
Description
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/mattermost/mattermost-server | Go | >= 10.10.0, < 10.10.2 | 10.10.2 |
| github.com/mattermost/mattermost-server | Go | >= 10.5.0, < 10.5.10 | 10.5.10 |
| github.com/mattermost/mattermost-server | Go | >= 10.9.0, < 10.9.5 | 10.9.5 |
| github.com/mattermost/mattermost/server/v8 | Go | < 8.0.0-20250731063404-9eebaadf8f72 | 8.0.0-20250731063404-9eebaadf8f72 |
Affected products
Package identifiers and version ranges (no CPE is assigned to any of these entries):
- pkg:golang/github.com/mattermost/mattermost-server, range: >= 10.10.0, < 10.10.2
- pkg:golang/github.com/mattermost/mattermost/server/v8, range: < 8.0.0-20250731063404-9eebaadf8f72
- pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6, range: < 0.0.20250918T182144-150000.1.107.1
- pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed, range: < 0.0.20250917T170349-1.1
- pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6, range: < 0.0.20250918T182144-150000.1.107.1
- Range: 10.10.0
References
- https://github.com/advisories/GHSA-69j8-prx2-vx98 (GHSA, advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2025-9072 (GHSA, advisory)
- https://github.com/mattermost/mattermost/commit/13cd76009d31754db46115bddef5287a8a29871a (GHSA, web)
- https://github.com/mattermost/mattermost/commit/9eebaadf8f720788e99b6997337c8df330271326 (GHSA, web)
- https://github.com/mattermost/mattermost/commit/fda403fb6ec41bea8780bff198a26860f105e6e5 (GHSA, web)
- https://mattermost.com/security-updates (GHSA, web)