CVE-2025-54525
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-09-24
Assigner: Mattermost, Inc.
Description
Description
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mattermost | confluence | to 1.5.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Mattermost Confluence Plugin versions before 1.5.0, where the plugin does not properly handle unexpected request bodies. An attacker can exploit this by repeatedly sending invalid request bodies to the create channel subscription endpoint, causing the plugin to crash.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by crashing the Mattermost Confluence Plugin, potentially disrupting normal operations that depend on this plugin.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70