CVE-2025-52931
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-09-25
Assigner: Mattermost, Inc.
Description
Description
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | confluence | to 1.5.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Mattermost Confluence Plugin versions before 1.5.0, where the plugin does not properly handle unexpected request bodies. Attackers can exploit this by repeatedly sending invalid request bodies to the update channel subscription endpoint, causing the plugin to crash.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by crashing the Mattermost Confluence Plugin, potentially disrupting normal operations and availability of the plugin's functionality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70