CVE-2025-25068

HIGH Year: 2025
CVSS v3 Score
8.8
High
Weakness Type
CWE-306
View all →

Vulnerability Description

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes.

Related Vulnerabilities

CVE-2016-6541

HIGH
CVSS:8.8(High)

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Androi...

CWE-3062016

CVE-2016-7830

HIGH
CVSS:8.8(High)

Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on...

CWE-3062016

CVE-2017-10854

HIGH
CVSS:8.8(High)

Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.

CWE-3062017

CVE-2018-0521

HIGH
CVSS:8.8(High)

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.

CWE-3062018

CVE-2018-0554

HIGH
CVSS:8.8(High)

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.

CWE-3062018

CVE-2018-11476

HIGH
CVSS:8.8(High)

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the ...

CWE-3062018