CVE-2025-31947
MEDIUMDescription
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mattermost | mattermost_server |
| mattermost | mattermost_server |
| mattermost | mattermost_server |
| mattermost | mattermost_server |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-31947? +
How severe is CVE-2025-31947? +
What products are affected by CVE-2025-31947? +
How do I check if I'm vulnerable to CVE-2025-31947? +
Related Vulnerabilities
Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication …
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout …
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: …
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other …
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when …
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks …