CVE-2025-54478

Severity: 5.3 MEDIUM
EPSS: 0.1% (top 67.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 11; latest update Aug 18

Description

Mattermost Confluence Plugin versions <1.5.0 fail to enforce authentication of the user to the Mattermost instance, which allows unauthenticated attackers to edit channel subscriptions via an API call to the edit channel subscription endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.7

Vulnerability Details
OSV (2025-08-18): Mattermost Confluence Plugin is Missing Authentication for Critical Function in github.com/mattermost/mattermost-plugin-confluence
GHSA (2025-08-11): Mattermost Confluence Plugin is Missing Authentication for Critical Function
OSV (2025-08-11): Mattermost Confluence Plugin is Missing Authentication for Critical Function
CVEList (2025-08-11): Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin