Access Control Vulnerability in Mattermost Confluence Plugin
CVE-2025-54458

5MEDIUM

Key Information:

Vendor

Mattermost
Status
Mattermost Confluence Plugin
Vendor
CVE Published:
11 August 2025

What is CVE-2025-54458?

The Mattermost Confluence Plugin prior to version 1.5.0 contains a significant security flaw in its access control mechanisms. This vulnerability allows unauthorized users to create subscriptions for Confluence spaces to which they do not have legitimate access. By exploiting this weakness, attackers may gain access to restricted information, potentially leading to further security breaches. Organizations using the affected versions should prioritize updating to mitigate this risk.

Affected Version(s)

Mattermost Confluence Plugin 0 < 1.5.0

Mattermost Confluence Plugin 1.5.0

References

https://mattermost.com/security-updates

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lorenzo Gallegos
.
CVE-2025-54458 : Access Control Vulnerability in Mattermost Confluence Plugin