CVE-2025-54499
LOWDescription
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mattermost | mattermost_server |
| mattermost | mattermost_server |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-54499? +
How severe is CVE-2025-54499? +
What products are affected by CVE-2025-54499? +
How do I check if I'm vulnerable to CVE-2025-54499? +
Related Vulnerabilities
SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) …
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to …
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central …
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned …
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows …
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash …