Prompt Injection Vulnerability in Mattermost AI Plugin
CVE-2025-31363

CVSS 3.1 base score: 3 (LOW)

Key Information:

Vendor: Mattermost
CVE Published: 16 April 2025

Summary

Mattermost versions 10.4.x through 10.4.2, 10.5.x through 10.5.0, and 9.11.x through 9.11.9 are susceptible to a prompt injection vulnerability in the AI plugin's Jira tool. This flaw enables authenticated users to execute malicious commands that can lead to unauthorized data exfiltration from any server the authenticated user can access. The issue arises from insufficient domain restrictions on requests made by the large language model (LLM) within the plugin, creating potential data leakage risks.
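As an added illustration of the missing control the summary describes (this is not Mattermost's own code), the following Go snippet shows a host allowlist that a tool would apply to every URL the LLM asks it to fetch, so an injected prompt cannot redirect the request to another server; the allowed Jira host and the sample URLs are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// ToolRequestPolicy restricts which hosts an LLM-driven tool may contact.
// Hypothetical hardening for illustration, not the plugin's real code.
type ToolRequestPolicy struct {
	AllowedHosts []string // e.g. the configured Jira host (constructed sample)
}

var ErrHostNotAllowed = errors.New("host not in tool allowlist")

// Validate accepts rawURL only if it is an https URL whose host exactly
// matches an allowed host. Userinfo ("user@host" tricks), IP literals and
// non-https schemes are rejected so a model-chosen URL cannot be steered
// to an arbitrary server the requesting user happens to reach.
func (p ToolRequestPolicy) Validate(rawURL string) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return errors.New("userinfo in URL not allowed")
	}
	host := strings.ToLower(u.Hostname()) // strips port and brackets
	if host == "" || net.ParseIP(host) != nil {
		return ErrHostNotAllowed
	}
	for _, a := range p.AllowedHosts {
		if host == strings.ToLower(a) {
			return nil
		}
	}
	return ErrHostNotAllowed
}

func main() {
	p := ToolRequestPolicy{AllowedHosts: []string{"jira.example.com"}}
	fmt.Println(p.Validate("https://jira.example.com/rest/api/2/issue/ABC-1")) // <nil>
	fmt.Println(p.Validate("https://jira.example.com@internal.example.net/")) // rejected
}
```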

Affected Version(s)

Mattermost 10.4.0 through 10.4.2

Mattermost 10.5.0

Mattermost 9.11.0 through 9.11.9

CVSS V3.1

Score: 3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Juho Forsén