4.9

CVSS3.1

CVE-2025-11794 - Password hash and MFA secret returned in user email verification endpoint

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint

๐Ÿ“… Published: Nov. 14, 2025, 10:45 a.m. ๐Ÿ”„ Last Modified: Dec. 1, 2025, 3:36 p.m.

0.0

CVE-2025-65071 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65072 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65067 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65068 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65069 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65066 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65070 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65065 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.

0.0

CVE-2025-65064 -

Not used

๐Ÿ“… Published: Nov. 14, 2025, 9:13 a.m. ๐Ÿ”„ Last Modified: Nov. 15, 2025, 3:55 a.m.
Total resulsts: 349182
Page 3010 of 34,919
ยซ previous page ยป next page
Filters