CVE-2025-54525
HIGHDescription
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Is your site exposed to CVE-2025-54525?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mattermost | confluence |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-54525? +
How severe is CVE-2025-54525? +
What products are affected by CVE-2025-54525? +
How do I check if I'm vulnerable to CVE-2025-54525? +
Related Vulnerabilities
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated …
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor …
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the …
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the …
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in …
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, …