CVE-2025-47700
published 2025-08-21

CVE-2025-47700: Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking…

Severity: low, score 3.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 10.5.0 < 10.5.10 | 10.5.10 |
| github.com | mattermost_mattermost-server | >= 10.5.0+incompatible < 10.5.10+incompatible | 10.5.10+incompatible |
| github.com | mattermost_mattermost_server_v8 | >= 0 < 8.0.0-20250814075248-83a37a861d3c | 8.0.0-20250814075248-83a37a861d3c |
| mattermost | mattermost | 10.5.0 – 10.5.8 | |
| mattermost | mattermost_server | >= 10.5.0 < 10.5.9 | 10.5.9 |
| msrc | azl3_kernel_6.6.51.1-5_on_azure_linux_3.0 | | |
| msrc | azl3_kernel_6.6.56.1-5_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |