CVE-2025-14273

EPSS 0.12%
Veröffentlicht 22.12.2025 11:24:55
Zuletzt bearbeitet 29.12.2025 18:47:45
Quelle responsibledisclosure@mattermo
CVE-Watchlists
Login
Unerledigt
Login

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Server Version >= 10.11.0 < 10.11.8

Mattermost ≫ Mattermost Server Version >= 10.12.0 < 10.12.4

Mattermost ≫ Mattermost Server Version >= 11.0.0 < 11.0.6

Mattermost ≫ Mattermost Server Version >= 11.1.0 < 11.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.323

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.3	3.9	3.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
responsibledisclosure@mattermost.com	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CWE-303 Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

https://mattermost.com/security-updates

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-14273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14273

EUVD