CVE-2025-52931

Summary

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost Confluence Plugin0 < 1.5.0affected
MattermostMattermost Confluence Plugin1.5.0unaffected

Weaknesses

  • CWE-754: CWE-754: Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References