CVE-2025-12421 | Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2 Email code-exchange incorrect implementation of authentication algorithm
A vulnerability classified as critical has been discovered in Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2. It affects an unknown function of the file /users/login/sso/code-exchange in the Email Handler component. Manipulation can lead to an incorrect implementation of an authentication algorithm.
This vulnerability is tracked as CVE-2025-12421. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.