CVE-2025-53514 MEDIUM

CVE-2025-53514: Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin

Vendor Mattermost
Product Mattermost Confluence Plugin
Weakness CWE-754
Published August 11, 2025
Last update August 11, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Mattermost Confluence Plugin versions <1.5.0 fail to handle an unexpected request body, which allows attackers to crash the plugin by constantly hitting the server webhook endpoint with an invalid request body.

Key dates

02 Disclosure timeline

August 11, 2025 CVE published
August 11, 2025 Record updated