CVE-2025-0998 — Out-of-bounds Read in Mattermost Mattermost-plugin-zoom

CWE-125 — Out-of-bounds Read CWE-862 — Missing Authorization CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

8.8HIGH

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-plugin-zoom Paloalto Prisma Browser Google Chrome Chrome +7 more

Timeline

PublishedFeb 21

Latest updateFeb 16

Description

Stable Channel Update for ChromeOS / ChromeOS Flex - M133 CVE-2025-0998

Affected Packages10 packages

▶Gogithub.com/mattermost_mattermost-plugin-zoom< 1.12.0

▶msrcmsrc/microsoft_edge

▶googlegoogle/chrome_chrome

▶Palo Altopaloalto/prisma_browser

▶msrcmsrc/cbl_mariner_1.0_arm

🔴Vulnerability Details

GHSA

Mattermost Plugin Zoom fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint↗2026-02-16

▶

GHSA

GHSA-4v9x-qxmv-4h58: Out of bounds memory access in V8 in Google Chrome prior to 133↗2025-02-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0007 Chromium: Monthly Vulnerability Update (March 2025)↗2025-03-12

▶

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0998↗2025-02-21

▶

Microsoft

Chromium: CVE -2025-0998 Out of bounds memory access in V8↗2025-02-11

▶

Microsoft

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potenti↗2022-03-08

▶