CVE-2025-31363

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool.

CVSS v3 3.0 LOW

3.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server:10.5.0:-::::::

History

29 Sep 2025, 21:24

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
Summary		(es) Las versiones de Mattermost 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 no restringen los dominios que LLM puede solicitar para contactar ascendentemente, lo que permite que un usuario autenticado extraiga datos de un servidor arbitrario accesible para la víctima mediante la realización de una inyección rápida en la herramienta Jira del complemento de IA.
CPE		cpe:2.3:a:mattermost:mattermost_server:10.5.0:-:::::: cpe:2.3:a:mattermost:mattermost_server::::::::
References	~~() https://mattermost.com/security-updates -~~	() https://mattermost.com/security-updates - Vendor Advisory
First Time		Mattermost Mattermost mattermost Server

16 Apr 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-16 10:15

Updated : 2025-09-29 21:24

NVD link : CVE-2025-31363

Mitre link : CVE-2025-31363

CVE.ORG link : CVE-2025-31363

JSON object : View

Products Affected

mattermost

mattermost_server

CWE

NVD-CWE-Other

{"id": "CVE-2025-31363", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-16T10:15:15.170", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream\u00a0which allows an authenticated user to\u00a0exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection\u00a0in the AI plugin's Jira tool."}, {"lang": "es", "value": "Las versiones de Mattermost 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 no restringen los dominios que LLM puede solicitar para contactar ascendentemente, lo que permite que un usuario autenticado extraiga datos de un servidor arbitrario accesible para la v\u00edctima mediante la realizaci\u00f3n de una inyecci\u00f3n r\u00e1pida en la herramienta Jira del complemento de IA."}], "lastModified": "2025-09-29T21:24:36.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73837B0A-0874-4B7D-8B09-D3CB7E249EA0", "versionEndExcluding": "9.11.10", "versionStartIncluding": "9.11.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2ACE54D-3EC6-4AC9-B243-35E8FFBE0EA0", "versionEndExcluding": "10.4.3", "versionStartIncluding": "10.4.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:10.5.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCB473B7-939A-437C-9488-980523F2B043"}], "operator": "OR"}]}], "sourceIdentifier": "responsibledisclosure@mattermost.com"}