Low severity · NVD Advisory · Published Sep 15, 2025 · Updated Sep 15, 2025
Open redirect in OAuth login
CVE-2025-9084
Description
Mattermost versions 10.5.x <= 10.5.9 fail to properly validate redirect URLs, which allows attackers to redirect users to malicious sites via crafted OAuth login URLs.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 (Go) | < 8.0.0-202508080704-39bd251fe4f600 | 8.0.0-202508080704-39bd251fe4f600 |
| github.com/mattermost/mattermost-server (Go) | >= 10.5.0, < 10.5.10 | 10.5.10 |
Affected products: 6
- ghsa-coords (5 versions): >= 10.5.0, < 10.5.10 (+ 4 more)
  - pkg:golang/github.com/mattermost/mattermost-server
  - pkg:golang/github.com/mattermost/mattermost/server/v8
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE) range: >= 10.5.0, < 10.5.10
- (no CPE) range: < 8.0.0-202508080704-39bd251fe4f600
- (no CPE) range: < 0.0.20250918T182144-150000.1.107.1
- (no CPE) range: < 0.0.20250917T170349-1.1
- (no CPE) range: < 0.0.20250918T182144-150000.1.107.1
- Range: 10.5.0