CVE-2025-11794
Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, and 10.12.x <= 10.12.0 fail to sanitize user data, which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint.
Published Nov 18, 2025
https://github.com/advisories/GHSA-mqp8-pgg5-7x7m
CVSS Score: 4.9 (Medium)
Components Impacted

Ecosystem  Package                                     Version
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20230822143856-e48efdc5daae
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20231111015533-48bf4e9bd879
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240111182452-4d96c11314f4
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240112022858-f857af64f2e5
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240228165319-9e99280a40f1
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240326175929-75cf1f9d931a
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240404204026-0a3667bf58c5
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240520151130-4bdd8bb18e47
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240522125221-f0110e361ece
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240527204624-beb8d5e8e07a
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240723150613-d8c16cdfd5a9
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20240726090344-5547504c1d68
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20241015185928-63c97f5a6d8f
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20241113102039-053d0b5f0ad5
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20250228172344-7ab585e1324c
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20250317155315-c95968c380be
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20250411193521-698de055453f
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20250521083701-1cb244e8760d
golang     github.com/mattermost/mattermost/server/v8  v8.0.0-20250912180947-f2f83187b8ab