CVE-2025-53514 — Vulnetix

CVE-2025-53514 PUBLISHED CVSS 5.900000095367432 MEDIUM

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.

EPSS 0.09% · 25.6th percentile

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.09%

25.6th percentile

Affected Products

Vendor	Product	Versions
mattermost	confluence	0
Mattermost	Mattermost Confluence Plugin	0, 1.5.0
github.com	mattermost/mattermost-plugin-confluence	0

Timeline

Aug 11, 2025 CVE Published
Aug 11, 2025 Coalition ESS Score
Aug 11, 2025 PoC Published
Aug 12, 2025 EPSS Score
Aug 12, 2025 Coalition ESS Score
Aug 20, 2025 EPSS Score
Aug 22, 2025 Coalition ESS Score
Aug 26, 2025 Coalition ESS Score
Aug 29, 2025 EPSS Score
Sep 6, 2025 EPSS Score
Sep 14, 2025 EPSS Score
Sep 22, 2025 EPSS Score

References

https://mattermost.com/security-updates url
https://nvd.nist.gov/vuln/detail/CVE-2025-53514 advisory
https://github.com/mattermost/mattermost-plugin-confluence package

Open in Interactive Console →