{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T11:42:05.173","vulnerabilities":[{"cve":{"id":"CVE-2025-3230","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2025-05-30T15:15:41.043","lastModified":"2025-10-15T14:16:49.363","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens."},{"lang":"es","value":"Las versiones de Mattermost 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 no invalidan correctamente los tokens de acceso personal tras la desactivaciĆ³n del usuario, lo que permite que los usuarios desactivados mantengan acceso completo al sistema explotando fallas de validaciĆ³n de tokens de acceso mediante el uso continuo de tokens emitidos previamente."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-303"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.11.0","versionEndExcluding":"9.11.13","matchCriteriaId":"BC431F02-E096-4994-9CB3-AC2DB1C7FAB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.5.0","versionEndExcluding":"10.5.4","matchCriteriaId":"6EB2F235-4072-4E5E-914C-07829E12A481"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.6.0","versionEndExcluding":"10.6.3","matchCriteriaId":"3C12F8F0-C3CD-4508-8162-AE2523E0836B"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.7.0","versionEndExcluding":"10.7.1","matchCriteriaId":"9A7C1EB8-01C3-4449-A3D2-3C25B4334032"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}