CVE-2025-8285

EPSS 0.05%
Veröffentlicht 11.08.2025 18:57:07
Zuletzt bearbeitet 24.09.2025 00:34:43
Quelle responsibledisclosure@mattermo
CVE-Watchlists
Login
Unerledigt
Login

Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mattermost ≫ Confluence Version < 1.5.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
responsibledisclosure@mattermost.com	4	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://mattermost.com/security-updates

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-8285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-8285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-8285

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-8285