{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "9.11.0" }, { "fixed": "9.11.12" }, { "introduced": "10.4.0" }, { "fixed": "10.4.5" }, { "introduced": "10.5.0" }, { "fixed": "10.5.3" }, { "introduced": "10.6.0" }, { "fixed": "10.6.2" } ] }, "events": [ { "introduced": "0bc2ddd42375a75ab14e63f038165150d4f07659" }, { "fixed": "e4fe8d850b9e004bd83bde62b925c33c93a80304" }, { "introduced": "7c8c0b7464fa9cd2fbfb97c65d1475b4be2e765c" }, { "fixed": "5309b12d92400b00822488c7ec92e40ea50aaae7" }, { "introduced": "58bd34fd34cbd7d3da777d627b6cffdf8a532930" }, { "fixed": "844447fbd57c8afc26431f7b200f44b02e0079cd" }, { "introduced": "5eebc77b68c0c2b63103316e3c92342c13fd93f9" }, { "fixed": "76ab3867b7857f6ae22f619a3d07bacdec6510c0" } ], "repo": "https://github.com/mattermost/mattermost-server", "type": "GIT" } ] } ], "details": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.", "id": "CVE-2025-31947", "modified": "2026-03-10T21:51:07.431301916Z", "published": "2025-05-15T11:15:48.270Z", "references": [ { "type": "ADVISORY", "url": "https://mattermost.com/security-updates" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "type": "CVSS_V3" } ] }