Base Score

MEDIUM6.5

CVE-2025-31363

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool.

VectorNETWORK

Published Byresponsibledisclosure@mattermost.com

Published DateApr 16, 2025, 10:15

Affected Versions(4)

github.com/mattermost/mattermost/server/v8(Go)

Introduced10.5.0

Fixed10.5.1

LimitN/A

github.com/mattermost/mattermost/server/v8(Go)

Introduced10.4.0

Fixed10.4.3

LimitN/A

github.com/mattermost/mattermost/server/v8(Go)

Introduced9.11.0

Fixed9.11.10

LimitN/A

github.com/mattermost/mattermost/server/v8(Go)

Introduced0

Fixed8.0.0-20250218121836-2b5275d87136

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/mattermost/mattermost/server/v8(Go)	10.5.0	10.5.1	N/A
github.com/mattermost/mattermost/server/v8(Go)	10.4.0	10.4.3	N/A
github.com/mattermost/mattermost/server/v8(Go)	9.11.0	9.11.10	N/A
github.com/mattermost/mattermost/server/v8(Go)	0	8.0.0-20250218121836-2b5275d87136	N/A

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://mattermost.com/security-updates

Base Score

MEDIUM6.5

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE