CVE-2025-31947

MEDIUM Year: 2025
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-645
View all →

Vulnerability Description

Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.

Related Vulnerabilities

CVE-2024-1722

MEDIUM
CVSS:5.3(Medium)

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

CWE-6452024

CVE-2024-37028

MEDIUM
CVSS:5.3(Medium)

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE-6452024

CVE-2023-4346

HIGH
CVSS:7.5(High)

KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the devic...

CWE-6452023

CVE-2023-4346

HIGH
CVSS:7.5(High)

KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the devic...

CWE-6452023

CVE-2024-1722

MEDIUM
CVSS:5.3(Medium)

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

CWE-6452024

CVE-2024-37028

MEDIUM
CVSS:5.3(Medium)

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE-6452024