Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-31947 (GCVE-0-2025-31947)
Vulnerability from cvelistv5 – Published: 2025-05-15 10:41 – Updated: 2025-05-15 13:46
VLAI?
EPSS
Title
Repeated LDAP login failures can lock an LDAP account
Summary
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.
Severity ?
5.8 (Medium)
CWE
- CWE-645 - Overly Restrictive Account Lockout Mechanism
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.6.0 , ≤ 10.6.1
(semver)
Affected: 10.5.0 , ≤ 10.5.2 (semver) Affected: 10.4.0 , ≤ 10.4.4 (semver) Affected: 9.11.0 , ≤ 9.11.11 (semver) Unaffected: 10.7.0 Unaffected: 10.6.2 Unaffected: 10.5.3 Unaffected: 10.4.5 Unaffected: 9.11.12 |
Credits
John Landells
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:43:06.790330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:46:27.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.6.1",
"status": "affected",
"version": "10.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.5.2",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.4.4",
"status": "affected",
"version": "10.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.11",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.7.0"
},
{
"status": "unaffected",
"version": "10.6.2"
},
{
"status": "unaffected",
"version": "10.5.3"
},
{
"status": "unaffected",
"version": "10.4.5"
},
{
"status": "unaffected",
"version": "9.11.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Landells"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.6.x \u0026lt;= 10.6.1, 10.5.x \u0026lt;= 10.5.2, 10.4.x \u0026lt;= 10.4.4, 9.11.x \u0026lt;= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-645",
"description": "CWE-645: Overly Restrictive Account Lockout Mechanism",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T10:41:42.104Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.7.0, 10.6.2, 10.5.3, 10.4.5, 9.11.12 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.7.0, 10.6.2, 10.5.3, 10.4.5, 9.11.12 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00407",
"defect": [
"https://mattermost.atlassian.net/browse/MM-61707"
],
"discovery": "EXTERNAL"
},
"title": "Repeated LDAP login failures can lock an LDAP account",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-31947",
"datePublished": "2025-05-15T10:41:42.104Z",
"dateReserved": "2025-04-08T11:14:14.703Z",
"dateUpdated": "2025-05-15T13:46:27.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-31947",
"date": "2026-05-10",
"epss": "0.0036",
"percentile": "0.58208"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-31947\",\"sourceIdentifier\":\"responsibledisclosure@mattermost.com\",\"published\":\"2025-05-15T11:15:48.270\",\"lastModified\":\"2025-10-06T15:30:17.227\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.\"},{\"lang\":\"es\",\"value\":\"Las versiones de Mattermost 10.6.x \u0026lt;= 10.6.1, 10.5.x \u0026lt;= 10.5.2, 10.4.x \u0026lt;= 10.4.4, 9.11.x \u0026lt;= 9.11.11 no logran bloquear a los usuarios LDAP luego de repetidos fallos de inicio de sesi\u00f3n, lo que permite a los atacantes bloquear cuentas LDAP externas mediante repetidos fallos de inicio de sesi\u00f3n a trav\u00e9s de Mattermost.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"responsibledisclosure@mattermost.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"responsibledisclosure@mattermost.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-645\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.11.0\",\"versionEndExcluding\":\"9.11.12\",\"matchCriteriaId\":\"72BC2D9B-C2F6-44F4-940B-64A491146D3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4.0\",\"versionEndExcluding\":\"10.4.5\",\"matchCriteriaId\":\"C9363A18-2E7A-42C9-A488-44B7EDBF9116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.5.0\",\"versionEndExcluding\":\"10.5.3\",\"matchCriteriaId\":\"BCCBD535-38E4-47C5-B166-8B4AAA3B05C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.0\",\"versionEndExcluding\":\"10.6.2\",\"matchCriteriaId\":\"A4DDF086-F2C6-4F08-9930-AC606471B9B0\"}]}]}],\"references\":[{\"url\":\"https://mattermost.com/security-updates\",\"source\":\"responsibledisclosure@mattermost.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31947\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-15T13:43:06.790330Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-15T13:44:49.181Z\"}}], \"cna\": {\"title\": \"Repeated LDAP login failures can lock an LDAP account\", \"source\": {\"defect\": [\"https://mattermost.atlassian.net/browse/MM-61707\"], \"advisory\": \"MMSA-2024-00407\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"John Landells\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mattermost\", \"product\": \"Mattermost\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.6.1\"}, {\"status\": \"affected\", \"version\": \"10.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.5.2\"}, {\"status\": \"affected\", \"version\": \"10.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.4.4\"}, {\"status\": \"affected\", \"version\": \"9.11.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.11.11\"}, {\"status\": \"unaffected\", \"version\": \"10.7.0\"}, {\"status\": \"unaffected\", \"version\": \"10.6.2\"}, {\"status\": \"unaffected\", \"version\": \"10.5.3\"}, {\"status\": \"unaffected\", \"version\": \"10.4.5\"}, {\"status\": \"unaffected\", \"version\": \"9.11.12\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Mattermost to versions 10.7.0, 10.6.2, 10.5.3, 10.4.5, 9.11.12 or higher.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUpdate Mattermost to versions 10.7.0, 10.6.2, 10.5.3, 10.4.5, 9.11.12 or higher.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://mattermost.com/security-updates\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMattermost versions 10.6.x \u0026lt;= 10.6.1, 10.5.x \u0026lt;= 10.5.2, 10.4.x \u0026lt;= 10.4.4, 9.11.x \u0026lt;= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-645\", \"description\": \"CWE-645: Overly Restrictive Account Lockout Mechanism\"}]}], \"providerMetadata\": {\"orgId\": \"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee\", \"shortName\": \"Mattermost\", \"dateUpdated\": \"2025-05-15T10:41:42.104Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-31947\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-15T13:46:27.427Z\", \"dateReserved\": \"2025-04-08T11:14:14.703Z\", \"assignerOrgId\": \"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee\", \"datePublished\": \"2025-05-15T10:41:42.104Z\", \"assignerShortName\": \"Mattermost\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CNVD-2025-12783
Vulnerability from cnvd - Published: 2025-06-18
VLAI Severity ?
Title
Mattermost存在未明漏洞
Description
Mattermost是美国Mattermost公司的一个开源协作平台。
Mattermost存在安全漏洞,该漏洞源于未能锁定LDAP用户,攻击者可利用该漏洞通过重复登录失败锁定外部LDAP账户。
Severity
中
Patch Name
Mattermost存在未明漏洞的补丁
Patch Description
Mattermost是美国Mattermost公司的一个开源协作平台。
Mattermost存在安全漏洞,该漏洞源于未能锁定LDAP用户,攻击者可利用该漏洞通过重复登录失败锁定外部LDAP账户。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://mattermost.com/download/
Reference
https://mattermost.com/security-updates
Impacted products
| Name | ['Mattermost Mattermost >=10.5.x,<=10.5.2', 'Mattermost Mattermost >=9.11.x,<=9.11.11', 'Mattermost Mattermost >=10.6.x,<=10.6.1', 'Mattermost Mattermost >=10.4.x,<=10.4.4'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-31947",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-31947"
}
},
"description": "Mattermost\u662f\u7f8e\u56fdMattermost\u516c\u53f8\u7684\u4e00\u4e2a\u5f00\u6e90\u534f\u4f5c\u5e73\u53f0\u3002\n\nMattermost\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u9501\u5b9aLDAP\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u91cd\u590d\u767b\u5f55\u5931\u8d25\u9501\u5b9a\u5916\u90e8LDAP\u8d26\u6237\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://mattermost.com/download/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-12783",
"openTime": "2025-06-18",
"patchDescription": "Mattermost\u662f\u7f8e\u56fdMattermost\u516c\u53f8\u7684\u4e00\u4e2a\u5f00\u6e90\u534f\u4f5c\u5e73\u53f0\u3002\r\n\r\nMattermost\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u9501\u5b9aLDAP\u7528\u6237\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u91cd\u590d\u767b\u5f55\u5931\u8d25\u9501\u5b9a\u5916\u90e8LDAP\u8d26\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mattermost\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Mattermost Mattermost \u003e=10.5.x\uff0c\u003c=10.5.2",
"Mattermost Mattermost \u003e=9.11.x\uff0c\u003c=9.11.11",
"Mattermost Mattermost \u003e=10.6.x\uff0c\u003c=10.6.1",
"Mattermost Mattermost \u003e=10.4.x\uff0c\u003c=10.4.4"
]
},
"referenceLink": "https://mattermost.com/security-updates",
"serverity": "\u4e2d",
"submitTime": "2025-05-20",
"title": "Mattermost\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}
CERTFR-2025-AVI-0413
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mattermost | Mattermost Server | Mattermost Server versions 10.5.x antérieures à 10.5.3 | ||
| Mattermost | Mattermost Server | Mattermost Server versions 10.4.x antérieures à 10.4.5 | ||
| Mattermost | Mattermost Server | Mattermost Server versions 10.6.x antérieures à 10.6.2 | ||
| Mattermost | Mattermost Server | Mattermost Server versions 9.11.x antérieures à 9.11.12 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mattermost Server versions 10.5.x ant\u00e9rieures \u00e0 10.5.3",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
},
{
"description": "Mattermost Server versions 10.4.x ant\u00e9rieures \u00e0 10.4.5",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
},
{
"description": "Mattermost Server versions 10.6.x ant\u00e9rieures \u00e0 10.6.2",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
},
{
"description": "Mattermost Server versions 9.11.x ant\u00e9rieures \u00e0 9.11.12",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3446"
},
{
"name": "CVE-2025-31947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31947"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0413",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mattermost Server. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mattermost Server",
"vendor_advisories": [
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2025-00459",
"url": "https://mattermost.com/security-updates/"
},
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2024-00407",
"url": "https://mattermost.com/security-updates/"
}
]
}
CERTFR-2025-AVI-0413
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mattermost Server. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mattermost | Mattermost Server | Mattermost Server versions 10.5.x antérieures à 10.5.3 | ||
| Mattermost | Mattermost Server | Mattermost Server versions 10.4.x antérieures à 10.4.5 | ||
| Mattermost | Mattermost Server | Mattermost Server versions 10.6.x antérieures à 10.6.2 | ||
| Mattermost | Mattermost Server | Mattermost Server versions 9.11.x antérieures à 9.11.12 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mattermost Server versions 10.5.x ant\u00e9rieures \u00e0 10.5.3",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
},
{
"description": "Mattermost Server versions 10.4.x ant\u00e9rieures \u00e0 10.4.5",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
},
{
"description": "Mattermost Server versions 10.6.x ant\u00e9rieures \u00e0 10.6.2",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
},
{
"description": "Mattermost Server versions 9.11.x ant\u00e9rieures \u00e0 9.11.12",
"product": {
"name": "Mattermost Server",
"vendor": {
"name": "Mattermost",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3446"
},
{
"name": "CVE-2025-31947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31947"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0413",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mattermost Server. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mattermost Server",
"vendor_advisories": [
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2025-00459",
"url": "https://mattermost.com/security-updates/"
},
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Mattermost MMSA-2024-00407",
"url": "https://mattermost.com/security-updates/"
}
]
}
FKIE_CVE-2025-31947
Vulnerability from fkie_nvd - Published: 2025-05-15 11:15 - Updated: 2025-10-06 15:30
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.
References
| URL | Tags | ||
|---|---|---|---|
| responsibledisclosure@mattermost.com | https://mattermost.com/security-updates | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mattermost | mattermost_server | * | |
| mattermost | mattermost_server | * | |
| mattermost | mattermost_server | * | |
| mattermost | mattermost_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72BC2D9B-C2F6-44F4-940B-64A491146D3E",
"versionEndExcluding": "9.11.12",
"versionStartIncluding": "9.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9363A18-2E7A-42C9-A488-44B7EDBF9116",
"versionEndExcluding": "10.4.5",
"versionStartIncluding": "10.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCBD535-38E4-47C5-B166-8B4AAA3B05C6",
"versionEndExcluding": "10.5.3",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DDF086-F2C6-4F08-9930-AC606471B9B0",
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost."
},
{
"lang": "es",
"value": "Las versiones de Mattermost 10.6.x \u0026lt;= 10.6.1, 10.5.x \u0026lt;= 10.5.2, 10.4.x \u0026lt;= 10.4.4, 9.11.x \u0026lt;= 9.11.11 no logran bloquear a los usuarios LDAP luego de repetidos fallos de inicio de sesi\u00f3n, lo que permite a los atacantes bloquear cuentas LDAP externas mediante repetidos fallos de inicio de sesi\u00f3n a trav\u00e9s de Mattermost."
}
],
"id": "CVE-2025-31947",
"lastModified": "2025-10-06T15:30:17.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-15T11:15:48.270",
"references": [
{
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-645"
}
],
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary"
}
]
}
GHSA-QGWX-RFFP-6CX9
Vulnerability from github – Published: 2025-05-15 12:30 – Updated: 2025-05-17 14:01
VLAI?
Summary
Mattermost Fails to Lockout LDAP Users After Repeated Login Failures
Details
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.
Severity ?
5.8 (Medium)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.6.1"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.6.0"
},
{
"fixed": "10.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.5.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 10.4.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.4.0"
},
{
"fixed": "10.4.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.11.11"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "9.11.0"
},
{
"fixed": "9.11.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20250415054241-76ab3867b785"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-31947"
],
"database_specific": {
"cwe_ids": [
"CWE-645"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-17T14:01:54Z",
"nvd_published_at": "2025-05-15T11:15:48Z",
"severity": "MODERATE"
},
"details": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.",
"id": "GHSA-qgwx-rffp-6cx9",
"modified": "2025-05-17T14:01:55Z",
"published": "2025-05-15T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31947"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/pull/30821"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Fails to Lockout LDAP Users After Repeated Login Failures"
}
WID-SEC-W-2025-0830
Vulnerability from csaf_certbund - Published: 2025-04-15 22:00 - Updated: 2025-05-25 22:00Summary
Mattermost: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Mattermost ist ein webbasierter Instant-Messaging-Dienst.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in Mattermost ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Daten offenzulegen oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mattermost Mattermost Server <9.11.12
Mattermost / Mattermost
|
Server <9.11.12 | ||
|
Mattermost Mattermost Server <10.7.0
Mattermost / Mattermost
|
Server <10.7.0 | ||
|
Mattermost Mattermost Server <10.6.2
Mattermost / Mattermost
|
Server <10.6.2 | ||
|
Mattermost Mattermost Server <10.5.3
Mattermost / Mattermost
|
Server <10.5.3 | ||
|
Mattermost Mattermost Server <10.4.5
Mattermost / Mattermost
|
Server <10.4.5 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mattermost Mattermost Server <9.11.12
Mattermost / Mattermost
|
Server <9.11.12 | ||
|
Mattermost Mattermost Server <10.7.0
Mattermost / Mattermost
|
Server <10.7.0 | ||
|
Mattermost Mattermost Server <10.6.2
Mattermost / Mattermost
|
Server <10.6.2 | ||
|
Mattermost Mattermost Server <10.5.3
Mattermost / Mattermost
|
Server <10.5.3 | ||
|
Mattermost Mattermost Server <10.4.5
Mattermost / Mattermost
|
Server <10.4.5 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mattermost Mattermost Server <9.11.12
Mattermost / Mattermost
|
Server <9.11.12 | ||
|
Mattermost Mattermost Server <10.7.0
Mattermost / Mattermost
|
Server <10.7.0 | ||
|
Mattermost Mattermost Server <10.6.2
Mattermost / Mattermost
|
Server <10.6.2 | ||
|
Mattermost Mattermost Server <10.5.3
Mattermost / Mattermost
|
Server <10.5.3 | ||
|
Mattermost Mattermost Server <10.4.5
Mattermost / Mattermost
|
Server <10.4.5 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mattermost Mattermost Server <9.11.12
Mattermost / Mattermost
|
Server <9.11.12 | ||
|
Mattermost Mattermost Server <10.7.0
Mattermost / Mattermost
|
Server <10.7.0 | ||
|
Mattermost Mattermost Server <10.6.2
Mattermost / Mattermost
|
Server <10.6.2 | ||
|
Mattermost Mattermost Server <10.5.3
Mattermost / Mattermost
|
Server <10.5.3 | ||
|
Mattermost Mattermost Server <10.4.5
Mattermost / Mattermost
|
Server <10.4.5 |
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Mattermost ist ein webbasierter Instant-Messaging-Dienst.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Mattermost ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Daten offenzulegen oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0830 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0830.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0830 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0830"
},
{
"category": "external",
"summary": "Mattermost Security Updates vom 2025-04-15",
"url": "https://mattermost.com/security-updates/#server"
}
],
"source_lang": "en-US",
"title": "Mattermost: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-25T22:00:00.000+00:00",
"generator": {
"date": "2025-05-26T08:15:54.223+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0830",
"initial_release_date": "2025-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-25T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Informationen und CVE\u0027s erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Server \u003c10.7.0",
"product": {
"name": "Mattermost Mattermost Server \u003c10.7.0",
"product_id": "T042916"
}
},
{
"category": "product_version",
"name": "Server 10.7.0",
"product": {
"name": "Mattermost Mattermost Server 10.7.0",
"product_id": "T042916-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mattermost:mattermost_server:server__10.7.0"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c10.6.2",
"product": {
"name": "Mattermost Mattermost Server \u003c10.6.2",
"product_id": "T042917"
}
},
{
"category": "product_version",
"name": "Server 10.6.2",
"product": {
"name": "Mattermost Mattermost Server 10.6.2",
"product_id": "T042917-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mattermost:mattermost_server:server__10.6.2"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c10.5.3",
"product": {
"name": "Mattermost Mattermost Server \u003c10.5.3",
"product_id": "T042918"
}
},
{
"category": "product_version",
"name": "Server 10.5.3",
"product": {
"name": "Mattermost Mattermost Server 10.5.3",
"product_id": "T042918-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mattermost:mattermost_server:server__10.5.3"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c10.4.5",
"product": {
"name": "Mattermost Mattermost Server \u003c10.4.5",
"product_id": "T042919"
}
},
{
"category": "product_version",
"name": "Server 10.4.5",
"product": {
"name": "Mattermost Mattermost Server 10.4.5",
"product_id": "T042919-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mattermost:mattermost_server:server__10.4.5"
}
}
},
{
"category": "product_version_range",
"name": "Server \u003c9.11.12",
"product": {
"name": "Mattermost Mattermost Server \u003c9.11.12",
"product_id": "T042920"
}
},
{
"category": "product_version",
"name": "Server 9.11.12",
"product": {
"name": "Mattermost Mattermost Server 9.11.12",
"product_id": "T042920-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mattermost:mattermost_server:server__9.11.12"
}
}
}
],
"category": "product_name",
"name": "Mattermost"
}
],
"category": "vendor",
"name": "Mattermost"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-2527",
"product_status": {
"known_affected": [
"T042920",
"T042916",
"T042917",
"T042918",
"T042919"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-2527"
},
{
"cve": "CVE-2025-2570",
"product_status": {
"known_affected": [
"T042920",
"T042916",
"T042917",
"T042918",
"T042919"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-2570"
},
{
"cve": "CVE-2025-31947",
"product_status": {
"known_affected": [
"T042920",
"T042916",
"T042917",
"T042918",
"T042919"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-31947"
},
{
"cve": "CVE-2025-3446",
"product_status": {
"known_affected": [
"T042920",
"T042916",
"T042917",
"T042918",
"T042919"
]
},
"release_date": "2025-04-15T22:00:00.000+00:00",
"title": "CVE-2025-3446"
}
]
}
OPENSUSE-SU-2025:15159-1
Vulnerability from csaf_opensuse - Published: 2025-05-26 00:00 - Updated: 2025-05-26 00:00Summary
govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media
Description of the patch: These are all security issues fixed in the govulncheck-vulndb-0.0.20250523T151856-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15159
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250523T151856-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15159",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15159-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15159-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBVOKYMJCE2HZLSF5W3H3Q7KEHMMOQR3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15159-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBVOKYMJCE2HZLSF5W3H3Q7KEHMMOQR3/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40120 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2527 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2570 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3446 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47282 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48069 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5031 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5031/"
}
],
"title": "govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-26T00:00:00Z",
"generator": {
"date": "2025-05-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15159-1",
"initial_release_date": "2025-05-26T00:00:00Z",
"revision_history": [
{
"date": "2025-05-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-40120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40120"
}
],
"notes": [
{
"category": "general",
"text": "seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40120",
"url": "https://www.suse.com/security/cve/CVE-2024-40120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-40120"
},
{
"cve": "CVE-2025-1975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1975"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1975",
"url": "https://www.suse.com/security/cve/CVE-2025-1975"
},
{
"category": "external",
"summary": "SUSE Bug 1243287 for CVE-2025-1975",
"url": "https://bugzilla.suse.com/1243287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-1975"
},
{
"cve": "CVE-2025-2527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2527"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.2, 9.11.x \u003c= 9.11.11 failed to properly verify a user\u0027s permissions when accessing groups, which allows an attacker to view group information via an API request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2527",
"url": "https://www.suse.com/security/cve/CVE-2025-2527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-2527"
},
{
"cve": "CVE-2025-2570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2570"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn\u0027t have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2570",
"url": "https://www.suse.com/security/cve/CVE-2025-2570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-2570"
},
{
"cve": "CVE-2025-31947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31947"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31947",
"url": "https://www.suse.com/security/cve/CVE-2025-31947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31947"
},
{
"cve": "CVE-2025-3446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3446"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3446",
"url": "https://www.suse.com/security/cve/CVE-2025-3446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3446"
},
{
"cve": "CVE-2025-47282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47282"
}
],
"notes": [
{
"category": "general",
"text": "Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener\u0027s External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `\u003c= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47282",
"url": "https://www.suse.com/security/cve/CVE-2025-47282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47282"
},
{
"cve": "CVE-2025-47283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47283"
}
],
"notes": [
{
"category": "general",
"text": "Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47283",
"url": "https://www.suse.com/security/cve/CVE-2025-47283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47283"
},
{
"cve": "CVE-2025-47284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47284"
}
],
"notes": [
{
"category": "general",
"text": "Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47284",
"url": "https://www.suse.com/security/cve/CVE-2025-47284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47284"
},
{
"cve": "CVE-2025-47290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47290"
}
],
"notes": [
{
"category": "general",
"text": "containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47290",
"url": "https://www.suse.com/security/cve/CVE-2025-47290"
},
{
"category": "external",
"summary": "SUSE Bug 1243392 for CVE-2025-47290",
"url": "https://bugzilla.suse.com/1243392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-47290"
},
{
"cve": "CVE-2025-47291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47291"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47291",
"url": "https://www.suse.com/security/cve/CVE-2025-47291"
},
{
"category": "external",
"summary": "SUSE Bug 1243632 for CVE-2025-47291",
"url": "https://bugzilla.suse.com/1243632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47291"
},
{
"cve": "CVE-2025-48056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48056"
}
],
"notes": [
{
"category": "general",
"text": "Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48056",
"url": "https://www.suse.com/security/cve/CVE-2025-48056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48056"
},
{
"cve": "CVE-2025-48069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48069"
}
],
"notes": [
{
"category": "general",
"text": "ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Version 2.0.8 sanitizes output during decryption. Other mitigations involve avoiding use of `ejson2env` to decrypt untrusted user secrets and/or avoiding evaluating or executing the direct output from `ejson2env` without removing nonprintable characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48069",
"url": "https://www.suse.com/security/cve/CVE-2025-48069"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48069"
},
{
"cve": "CVE-2025-5031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5031"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5031",
"url": "https://www.suse.com/security/cve/CVE-2025-5031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-5031"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…