Warning: Critical Account Takeover in Mattermost, Patch Immediately!

Published: 28/11/2025

    * Last update: 28/11/2025
    * Affected software: Mattermost
        * Affected versions: 11.0.x <= 11.0.3, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12
    * Type:
        * CWE-303: Incorrect Implementation of Authentication Algorithm
    * CVE/CVSS:
        * CVE-2025-12421: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
        * CVE-2025-12419: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Sources

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12421
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12419

Risks

Two critical vulnerabilities in the widely used collaboration platform Mattermost have been published, each scoring 9.9 on the CVSS scale. The flaws allow an authenticated attacker to bypass security checks and perform a full account takeover of any employee, including system administrators. This has a severe impact on the Confidentiality, Integrity and Availability of the system.

Description

CVE-2025-12419, CVSS 9.9
This vulnerability occurs because Mattermost fails to properly validate the OAuth state token during the OpenID Connect authentication flow. The missing check allows an authenticated attacker who holds the team-creation privilege to hijack another user's session.

CVE-2025-12421, CVSS 9.9
This flaw arises because the system fails to verify that the token presented during the authorization-code exchange originates from the same authentication flow in which it was issued, creating a window for an attacker to hijack the login process.
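Both descriptions above come down to the same defensive property: every value that crosses the OpenID Connect redirect (the state on the callback, and the code and its companion secret at the token endpoint) must be bound to the flow that minted it. The Go program below is an added illustration of that property; it is not Mattermost's code, not derived from the fix, and the advisory does not say which mechanism Mattermost's patch uses. It assumes a hypothetical relying-party helper (stateStore) that binds the state to the browser session that started the flow, consumes it on first use and expires it, and a stand-in provider (fakeIdP) that binds the code exchange to the originating flow with a PKCE verifier (RFC 7636), chosen here as one standard way to do so. Session ids and tokens are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"sync"
	"time"
)

var (
	errUnknownState = errors.New("oidc: unknown or already-used state")
	errExpiredState = errors.New("oidc: state expired")
	errWrongSession = errors.New("oidc: state was issued to a different session")
	errBadVerifier  = errors.New("idp: code_verifier does not match this code's challenge")
)

// pendingLogin is one in-flight authorization request, keyed by its state value;
// recording the originating session is what ties the callback to that session.
type pendingLogin struct {
	sessionID    string // browser session that started the redirect
	codeVerifier string // PKCE verifier; only its S256 challenge was sent to the IdP
	expires      time.Time
}

// stateStore is the relying party's table of outstanding flows (hypothetical helper).
type stateStore struct {
	mu      sync.Mutex
	pending map[string]pendingLogin
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry is testable
}

func newStateStore(ttl time.Duration) *stateStore {
	return &stateStore{pending: map[string]pendingLogin{}, ttl: ttl, now: time.Now}
}

// randomToken returns 32 CSPRNG bytes as unpadded URL-safe base64.
func randomToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a CSPRNG failure must abort the login, never fall back
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// pkceChallenge is the S256 transform from RFC 7636.
func pkceChallenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Begin mints state and PKCE values for a flow started by sessionID; the caller
// puts the returned state and code_challenge on the authorization redirect.
func (s *stateStore) Begin(sessionID string) (state, challenge string) {
	state, verifier := randomToken(), randomToken()
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[state] = pendingLogin{sessionID, verifier, s.now().Add(s.ttl)}
	return state, pkceChallenge(verifier)
}

// Complete validates the callback's state (known, single-use, unexpired, same session)
// and returns the code_verifier that must accompany the code at the token endpoint.
func (s *stateStore) Complete(sessionID, state string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.pending[state]
	if !ok {
		return "", errUnknownState
	}
	delete(s.pending, state) // consume first so a replayed callback always fails
	if s.now().After(p.expires) {
		return "", errExpiredState
	}
	if subtle.ConstantTimeCompare([]byte(p.sessionID), []byte(sessionID)) != 1 {
		return "", errWrongSession
	}
	return p.codeVerifier, nil
}

// fakeIdP stands in for the provider: it records the challenge presented with each
// authorization code and rejects an exchange whose verifier belongs to another flow.
type fakeIdP struct{ codes map[string]string } // authorization code -> code_challenge

func (p *fakeIdP) Authorize(challenge string) string {
	code := randomToken()
	p.codes[code] = challenge
	return code
}

func (p *fakeIdP) Exchange(code, verifier string) error {
	challenge := p.codes[code] // "" for an unknown or used code, which never matches
	delete(p.codes, code)
	if subtle.ConstantTimeCompare([]byte(pkceChallenge(verifier)), []byte(challenge)) != 1 {
		return errBadVerifier
	}
	return nil
}
```

The two rejections worth noticing are the ones the CVEs describe: a callback carrying a valid state but arriving on a different session fails with errWrongSession (and the state is consumed, so it cannot be retried on the right session either), and a code presented with a verifier from another flow fails with errBadVerifier at the provider. Expiry and single use are the usual companions of these checks; a store that is shared between servers would need the same semantics in a database rather than an in-memory map.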

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable Mattermost instances with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends that organizations increase their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.

References
Mattermost Security Updates: https://mattermost.com/security-updates/