CVE-2025-12419
Account takeover on OAuth/OpenID-enabled serversMattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.
We have discovered 62 live websites that are affected by CVE-2025-12419.
Affected Software
| Product |  Mattermost |
| Category | Message Boards |
| Vulnerable Domains | 62 live websites (15% of Mattermost install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 10 versions ( 15% of all versions) |
Common Weakness Enumeration
CWE-303 Incorrect Implementation of Authentication AlgorithmDetails
- Published - Nov 27, 2025
- Updated - Feb 26, 2026
Credits
- daw10 (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-12419 United States | 13 websites |
 Germany | 23 websites |
 GB | 9 websites |
 France | 3 websites |
 Czech Republic | 2 websites |
 Russia | 2 websites |
 Turkmenistan | 2 websites |
 Austria | 1 websites |
 Canada | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-12419| .org | 14 websites |
| .com | 13 websites |
| .de | 11 websites |
| .ru | 4 websites |
| .co.uk | 2 websites |
| .fr | 2 websites |
| .info | 2 websites |
| .net | 2 websites |
| .io | 1 websites |
| .pl | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-12419
Top websites that are affected by CVE-2025-12419. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | Germany | ***,*** | |
| ****.*******.com | GB | ***,*** | |
| ****.*******.org | Germany | *,***,*** | |
| ***********.ru | Russia | *,***,*** | |
| ****.*******.com | Germany | *,***,*** | |
| ****.*********.org | United States | *,***,*** | |
| ****.**************.de | Germany | *,***,*** | |
| *****.*************.org | GB | *,***,*** | |
| *******.org | Germany | *,***,*** | |
| ******.*************.org | GB | **,***,*** |
FAQ
CVE-2025-12419 is Incorrect Implementation of Authentication Algorithm in Mattermost
A total of 62 websites have been identified as vulnerable to CVE-2025-12419, based on global website indexing conducted by WebTechSurvey.
The Mattermost is affected by the CVE-2025-12419 vulnerability.
Mattermost versions up to and including 11.0.3 are vulnerable to CVE-2025-12419.