CVE-2025-13352
LOWDescription
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mattermost | mattermost_server |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-13352? +
How severe is CVE-2025-13352? +
What products are affected by CVE-2025-13352? +
How do I check if I'm vulnerable to CVE-2025-13352? +
Related Vulnerabilities
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the …
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the …
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated …
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor …
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in …
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB …