5.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-31947

GHSA ID

GHSA-qgwx-rffp-6cx9

EPSS Score

0.23863%

CWE

CWE-645

Published

5/15/2025

Updated

5/17/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-31947

CVE-2025-31947: Mattermost Fails to Lockout LDAP Users After Repeated Login Failures

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.

(GitHub Advisory)

5.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-31947

GHSA ID

GHSA-qgwx-rffp-6cx9

EPSS Score

0.23863%

CWE

CWE-645

Published

5/15/2025

Updated

5/17/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/mattermost/mattermost/server/v8	go	>= 10.6.0, <= 10.6.1	10.6.2
github.com/mattermost/mattermost/server/v8	go	>= 10.5.0, <= 10.5.2	10.5.3
github.com/mattermost/mattermost/server/v8	go	>= 10.4.0, <= 10.4.4	10.4.5
github.com/mattermost/mattermost/server/v8	go	>= 9.11.0, <= 9.11.11	9.11.12
github.com/mattermost/mattermost/server/v8	go	< 8.0.0-20250415054241-76ab3867b785	8.0.0-20250415054241-76ab3867b785

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

M*tt*rmost v*rsions **.*.x <= **.*.*, **.*.x <= **.*.*, **.*.x <= **.*.*, *.**.x <= *.**.** **il to lo*kout L**P us*rs *ollowin* r*p**t** lo*in **ilur*s, w*i** *llows *tt**k*rs to lo*k *xt*rn*l L**P ***ounts t*rou** r*p**t** lo*in **ilur*s t*rou** M*

Reasoning

No *n*lysis *v*il**l*

5.8

Basic Information

Concerned about an active attack path?

CVE-2025-31947: Mattermost Fails to Lockout LDAP Users After Repeated Login Failures

5.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI