Mattermost Server CVE-2025-31363
LOWCVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionNVD
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool.
AnalysisAI
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool. Affected products include: Mattermost Mattermost Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More from same product – last 7 days
Share
External POC / Exploit Code
Leaving vuln.today