CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-44004

Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.7%

CVSS Severity

CVSS v3 Score 7.2

References

https://mattermost.com/security-updates

Products affected by CVE-2025-44004

Mattermost » Confluence » Version: Any

cpe:2.3:a:mattermost:confluence:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-44004

Products

Pricing

Contact Us