CVE-2025-53514
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-09-25
Assigner: Mattermost, Inc.
Description
Description
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | confluence | to 1.5.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Mattermost Confluence Plugin versions before 1.5.0 do not properly handle unexpected request bodies. This flaw allows attackers to repeatedly send invalid request bodies to the server webhook endpoint, causing the plugin to crash.
How can this vulnerability impact me? :
This vulnerability can cause denial of service by crashing the Mattermost Confluence Plugin, potentially disrupting services that rely on this plugin.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70