VDB
CISA-2025-54525
CISA-2025-54525
PUBLISHED
CVSS 7.5 HIGH
Reported by Mattermost · Published August 11, 2025
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mattermost | Mattermost Confluence Plugin | 0, 1.5.0 |
| Mattermost | Mattermost Confluence Plugin | 1.5.0, 0, 1.5.0 |
Timeline
- Aug 11, 2025 CVE Published
- Aug 11, 2025 CVE Updated