CVE

GO-2025-4200

Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server

Back to all

CVE

GO-2025-4200

Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials in github.com/mattermost/mattermost-server

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

9.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://github.com/advisories/GHSA-g78f-6xq7-rrhq, https://nvd.nist.gov/vuln/detail/CVE-2017-18885, https://mattermost.com/security-updates

Severity

9.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

0.00408%

EPSS Percentile

0.60587%

Introduced Version

4.3.0-rc1+incompatible,v4.1.0+incompatible,v4.2.0-rc1,v0.0.0-20170731165932-59992ae4a463,v3.7.0+incompatible,v0.0.0-20170313122956-8b0eedbbcd47,v0.0.0-20170216144655-f87d42916f1e,v0.0.0-20170130133002-c01d9ad6cf3f,v0.5.0,v0.0.0-20150615075332-56e74239d6b3

Fix Available

4.3.0+incompatible,v4.1.2-rc1+incompatible,v4.2.1+incompatible,v0.0.0-20171004150456-e05edf85cfc0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GO-2025-4200

GO-2025-4200

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

9.8

Basic Information

Fix Critical Vulnerabilities Instantly