CVE-2025-13352

EPSS 0.05%
Veröffentlicht 17.12.2025 12:11:25
Zuletzt bearbeitet 29.12.2025 18:50:47
Quelle responsibledisclosure@mattermo
CVE-Watchlists
Login
Unerledigt
Login

Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Server Version >= 10.11.0 < 10.11.7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
responsibledisclosure@mattermost.com	3	1.3	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

CWE-1287 Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

https://mattermost.com/security-updates

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-13352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13352

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-13352