CVE-2025-4573 | Mattermost up to 9.11.13/10.5.4/10.6.3/10.7.1 LDAP Search Filter link objectGUID ldap injection

Inserito da Angelo Barbosa | Giu 11, 2025 | CVE

A vulnerability has been found in Mattermost up to 9.11.13/10.5.4/10.6.3/10.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /api/v4/ldap/groups/{remote_id}/link of the component LDAP Search Filter. The manipulation of the argument objectGUID leads to ldap injection.

This vulnerability is known as CVE-2025-4573. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-4573 | Mattermost up to 9.11.13/10.5.4/10.6.3/10.7.1 LDAP Search Filter link objectGUID ldap injection

Post correlati

CVE-2024-0511 | Royal Elementor Addons and Templates Plugin up to 1.3.87 on WordPress wpr_update_form_action_meta cross-site request forgery

CVE-2024-51476 | IBM Concert Software 1.0.5 excessive authentication

CVE-2023-52227 | MailerLite Plugin up to 2.0.8 on WordPress authorization

CVE-2024-0535 | Tenda PA6 1.0.1.21 httpd /portmap cgiPortMapAdd groupName stack-based overflow