Vulnerability Details CVE-2025-30179
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.3%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2025-30179
-
cpe:2.3:a:mattermost:mattermost_server:10.3.0
-
cpe:2.3:a:mattermost:mattermost_server:10.3.1
-
cpe:2.3:a:mattermost:mattermost_server:10.3.2
-
cpe:2.3:a:mattermost:mattermost_server:10.3.3
-
cpe:2.3:a:mattermost:mattermost_server:10.4.0
-
cpe:2.3:a:mattermost:mattermost_server:10.4.1
-
cpe:2.3:a:mattermost:mattermost_server:10.4.2
-
cpe:2.3:a:mattermost:mattermost_server:9.11.0
-
cpe:2.3:a:mattermost:mattermost_server:9.11.1
-
cpe:2.3:a:mattermost:mattermost_server:9.11.2
-
cpe:2.3:a:mattermost:mattermost_server:9.11.3
-
cpe:2.3:a:mattermost:mattermost_server:9.11.4
-
cpe:2.3:a:mattermost:mattermost_server:9.11.5
-
cpe:2.3:a:mattermost:mattermost_server:9.11.6
-
cpe:2.3:a:mattermost:mattermost_server:9.11.7
-
cpe:2.3:a:mattermost:mattermost_server:9.11.8