PT-2025-34196 · Mattermost · Mattermost Server+1
Juho Forsén · Published 2025-08-21 · Updated 2025-08-29
CVE-2025-47700
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Mattermost Server versions 10.5.0 through 10.5.9
Description:
Mattermost Server versions 10.5.x up to and including 10.5.9, when using the Agents plugin, do not reject empty request bodies. This potentially allows users to trick others into clicking malicious links through post actions.
Recommendations:
Update Mattermost Server to a version later than 10.5.9.
Fix
SSRF
Affected Products
Agents Plugin
Mattermost Server