CVE-2025-8285

CWE-862Missing AuthorizationCWE-787Out-of-bounds Write6 documents5 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 89.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mattermost Mattermost Confluence PluginGithub.com Mattermost/mattermost-plugin-confluenceMattermost Confluence
Timeline
PublishedAug 11
Latest updateAug 18

Description

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

🔴Vulnerability Details

4
OSV
Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence2025-08-18
CVEList
Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin2025-08-11
GHSA
Mattermost Confluence Plugin has Missing Authorization vulnerability2025-08-11
OSV
Mattermost Confluence Plugin has Missing Authorization vulnerability2025-08-11

📋Vendor Advisories

1
Microsoft
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.2020-12-08
CVE-2025-8285 (MEDIUM CVSS 5.3) | Mattermost Confluence Plugin versio | cvebase.io