VDB

CISA-2025-54525

CISA-2025-54525 PUBLISHED CVSS 7.5 HIGH

Reported by Mattermost · Published August 11, 2025

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
MattermostMattermost Confluence Plugin0, 1.5.0
MattermostMattermost Confluence Plugin1.5.0, 0, 1.5.0

Timeline

  • Aug 11, 2025 CVE Published
  • Aug 11, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›