CVE-2025-54525 HIGH

CVE-2025-54525: Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Vendor Mattermost
Product Mattermost Confluence Plugin
Weakness CWE-1287
Published August 11, 2025
Last update August 11, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Mattermost Confluence Plugin versions <1.5.0 fail to handle an unexpected request body, which allows attackers to crash the plugin by constantly hitting the Create Channel Subscription endpoint with an invalid request body.

Key dates

02 Disclosure timeline

August 11, 2025 CVE published
August 11, 2025 Record updated