Prompt Injection Vulnerability in Mattermost AI Plugin
CVE-2025-31363
3LOW
What is CVE-2025-31363?
Mattermost versions 10.4.x through 10.4.2, 10.5.x through 10.5.0, and 9.11.x through 9.11.9 are susceptible to a prompt injection vulnerability in the AI plugin's Jira tool. This flaw enables authenticated users to execute malicious commands that can lead to unauthorized data exfiltration from any server the authenticated user can access. The issue arises from insufficient domain restrictions on requests made by the large language model (LLM) within the plugin, creating potential data leakage risks.
Affected Version(s)
Mattermost 10.4.0 <= 10.4.2
Mattermost 10.5.0
Mattermost 9.11.0 <= 9.11.9