Request Handling Flaw in Mattermost Confluence Plugin
CVE-2025-52931

7.5HIGH

Key Information:

Vendor: Mattermost
Status: Mattermost Confluence Plugin
Vendor: CVE Published:; 11 August 2025

What is CVE-2025-52931?

The Mattermost Confluence Plugin prior to version 1.5.0 contains a flaw in its request handling mechanism. This vulnerability allows attackers to exploit the update channel subscription endpoint by sending invalid request bodies. Such attacks can result in the unintended crashing of the plugin, disrupting its functionality and affecting the user experience. Proper input validation and robust request handling are essential to mitigate this risk.

Affected Version(s)

Mattermost Confluence Plugin 0 < 1.5.0

Mattermost Confluence Plugin 1.5.0

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2025
Vulnerability Reserved
Jul 28, 2025

Credit

Lorenzo Gallegos