Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2025-14273

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555

Published: Dec 22, 2025
Updated: Dec 23, 2025
CVE: CVE-2025-14273
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CWEs:

CWE-303

Affected Software
References

Software	From	Fixed in
mattermost / mattermost_server	10.11.0	10.11.8
mattermost / mattermost_server	10.12.0	10.12.4
mattermost / mattermost_server	11.0.0	11.0.6
mattermost / mattermost_server	11.1.0	11.1.1

https://mattermost.com/security-updates

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo