CVE-2025-27538 | Mattermost up to 9.11.9/10.5.1/10.5.x MFA mfa missing authentication

A vulnerability, which was classified as problematic, was found in Mattermost up to 9.11.9/10.5.1/10.5.x. This affects an unknown part of the file /api/v4/users/user-id/mfa of the component MFA. The manipulation leads to missing authentication.

This vulnerability is uniquely identified as CVE-2025-27538. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More