CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13324

Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy (version 1) protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to authenticate as the remote cluster and perform limited actions on shared channels even after the invitation has been legitimately confirmed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.7%

CVSS Severity

CVSS v3 Score 3.7

References

https://mattermost.com/security-updates

Products affected by CVE-2025-13324

Mattermost » Mattermost Server » Version: 10.11.0

cpe:2.3:a:mattermost:mattermost_server:10.11.0
Mattermost » Mattermost Server » Version: 10.11.1

cpe:2.3:a:mattermost:mattermost_server:10.11.1
Mattermost » Mattermost Server » Version: 10.11.2

cpe:2.3:a:mattermost:mattermost_server:10.11.2
Mattermost » Mattermost Server » Version: 10.11.3

cpe:2.3:a:mattermost:mattermost_server:10.11.3
Mattermost » Mattermost Server » Version: 10.11.4

cpe:2.3:a:mattermost:mattermost_server:10.11.4
Mattermost » Mattermost Server » Version: 10.11.5

cpe:2.3:a:mattermost:mattermost_server:10.11.5
Mattermost » Mattermost Server » Version: 10.12.0

cpe:2.3:a:mattermost:mattermost_server:10.12.0
Mattermost » Mattermost Server » Version: 10.12.1

cpe:2.3:a:mattermost:mattermost_server:10.12.1
Mattermost » Mattermost Server » Version: 10.12.2

cpe:2.3:a:mattermost:mattermost_server:10.12.2
Mattermost » Mattermost Server » Version: 11.0.0

cpe:2.3:a:mattermost:mattermost_server:11.0.0
Mattermost » Mattermost Server » Version: 11.0.1

cpe:2.3:a:mattermost:mattermost_server:11.0.1
Mattermost » Mattermost Server » Version: 11.0.2

cpe:2.3:a:mattermost:mattermost_server:11.0.2
Mattermost » Mattermost Server » Version: 11.0.3

cpe:2.3:a:mattermost:mattermost_server:11.0.3
Mattermost » Mattermost Server » Version: 11.0.4

cpe:2.3:a:mattermost:mattermost_server:11.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-13324

Products

Pricing

Contact Us