CVE-2025-14273 - Vulnerability Details - OpenCVE

Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00056.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://mattermost.com/security-updates

History

Mon, 22 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 22 Dec 2025 11:45:00 +0000

Type	Values Removed	Values Added
Description		Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555
Title		Mattermost Jira plugin user spoofing enables Jira request forgery.
Weaknesses		CWE-303
References		https://mattermost.com/security-updates
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2025-12-22T11:24:55.893Z

Updated: 2025-12-22T12:59:27.938Z

Reserved: 2025-12-08T15:48:01.007Z

Link: CVE-2025-14273

Vulnrichment

Updated: 2025-12-22T12:59:21.565Z

NVD

Status : Received

Published: 2025-12-22T12:16:19.240

Modified: 2025-12-22T12:16:19.240

Link: CVE-2025-14273

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14273", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2025-12-08T15:48:01.007Z", "datePublished": "2025-12-22T11:24:55.893Z", "dateUpdated": "2025-12-22T12:59:27.938Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "11.1.0", "status": "affected", "version": "11.1.0", "versionType": "semver"}, {"lessThanOrEqual": "11.0.5", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThanOrEqual": "10.12.3", "status": "affected", "version": "10.12.0", "versionType": "semver"}, {"lessThanOrEqual": "10.11.7", "status": "affected", "version": "10.11.0", "versionType": "semver"}, {"version": "11.2.0", "status": "unaffected"}, {"version": "11.1.1", "status": "unaffected"}, {"version": "11.0.6", "status": "unaffected"}, {"version": "10.12.4", "status": "unaffected"}, {"version": "10.11.8", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555"}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "baseSeverity": "HIGH", "baseScore": 7.2}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "cweId": "CWE-303"}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"value": "Update Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or higher. Alternatively, update the Mattermost Jira plugin to version 4.4.1 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00555", "defect": ["https://mattermost.atlassian.net/browse/MM-66564"], "discovery": "{\"self\"=>\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=>\"Internal\", \"id\"=>\"10557\"}"}, "title": "Mattermost Jira plugin user spoofing enables Jira request forgery.", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-12-22T11:24:55.893Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-22T12:58:59.371686Z", "id": "CVE-2025-14273", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T12:59:27.938Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14273", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-22T12:58:59.371686Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-22T12:59:21.565Z"}}], "cna": {"title": "Mattermost Jira plugin user spoofing enables Jira request forgery.", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-66564"], "advisory": "MMSA-2025-00555", "discovery": "{\"self\"=>\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=>\"Internal\", \"id\"=>\"10557\"}"}, "credits": [{"lang": "en", "type": "finder", "value": "Juho Fors\u00e9n"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "11.1.0", "versionType": "semver", "lessThanOrEqual": "11.1.0"}, {"status": "affected", "version": "11.0.0", "versionType": "semver", "lessThanOrEqual": "11.0.5"}, {"status": "affected", "version": "10.12.0", "versionType": "semver", "lessThanOrEqual": "10.12.3"}, {"status": "affected", "version": "10.11.0", "versionType": "semver", "lessThanOrEqual": "10.11.7"}, {"status": "unaffected", "version": "11.2.0"}, {"status": "unaffected", "version": "11.1.1"}, {"status": "unaffected", "version": "11.0.6"}, {"status": "unaffected", "version": "10.12.4"}, {"status": "unaffected", "version": "10.11.8"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost to versions 11.2.0, 11.1.1, 11.0.6, 10.12.4, 10.11.8 or higher. Alternatively, update the Mattermost Jira plugin to version 4.4.1 or higher."}], "references": [{"url": "https://mattermost.com/security-updates"}], "descriptions": [{"lang": "en", "value": "Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-303", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-12-22T11:24:55.893Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14273", "state": "PUBLISHED", "dateUpdated": "2025-12-22T12:59:27.938Z", "dateReserved": "2025-12-08T15:48:01.007Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2025-12-22T11:24:55.893Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}