Vulnerability in Mattermost Server Agents Plugin
CVE-2025-47700

3.5 LOW

Key Information:

Vendor: Mattermost
CVE Published: 21 August 2025

What is CVE-2025-47700?

A vulnerability in Mattermost Server versions 10.5.x up to 10.5.9 affects the Agents plugin. The plugin handles input improperly, and an attacker can exploit this by sending empty request bodies. Through crafted post actions, this could be used to deceive users into clicking on malicious links, potentially leading to further security risks. Users of the affected versions should address this vulnerability by applying the security updates provided by Mattermost.

Affected Version(s)

Mattermost 10.5.0 <= 10.5.8

Mattermost 10.10.0

Mattermost 10.5.9

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Juho Forsén