3.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62690

CVE-2025-62690: Open redirect in error page when link opened in new tab

Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-62690

CVE-2025-62690:

3.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/mattermost/mattermost/server/v8	go	>= 8.0.0-20250721062209-4952acea88ce, < 8.0.0-20251016131338-dad6bd7a1509	8.0.0-20251016131338-dad6bd7a1509
github.com/mattermost/mattermost	go	>= 10.11.0-rc1, < 10.11.5-0.20251016131338-dad6bd7a1509	10.11.5-0.20251016131338-dad6bd7a1509
github.com/mattermost/mattermost	go	>= 11.0.0-alpha.1, < 11.1.0	11.1.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is an open redirect on the error page of Mattermost. The analysis of the provided commit dad6bd7a1509054580a0898bbc0e026aac3b30cb shows a change in the ErrorPage component in webapp/channels/src/components/error_page/error_page.tsx. The patch reveals that the returnTo query parameter was being used directly to construct a redirect link. The vulnerable code, <Link to={params.get('returnTo') as string}>, reads the parameter from the URL and uses it as the target of a Link. This allows an attacker to specify an external, malicious URL in the returnTo parameter. The fix replaces this with <Link to={returnTo}>, where returnTo is a validated variable. Therefore, the ErrorPage component, specifically its rendering logic, is the vulnerable function.

Vulnerable functions

ErrorPage

webapp/channels/src/components/error_page/error_page.tsx

The `ErrorPage` component is vulnerable to an open redirect. The `returnTo` parameter is taken directly from the URL and used in a `<Link>` component without validation. An attacker can craft a URL with a malicious `returnTo` value, causing the user to be redirected to an arbitrary site when they click the 'Back' link on the error page.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-62690: Open redirect in error page when link opened in new tab

CVE-2025-62690:

3.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

CVE-2025-62690: Open redirect in error page when link opened in new tab

3.1

3.1

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI