PT-2025-52873 · Atlassian · Jira Plugin

Juho Forsén · Published 2025-12-24 · Updated 2026-03-03

CVE-2025-64641

CVSS v3.1: 4.1 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.11.x through 10.11.7
Mattermost versions 10.12.x through 10.12.3
Mattermost versions 11.0.x through 11.0.5
Mattermost versions 11.1.x through 11.1.0
Description

Mattermost fails to verify that post actions invoking '/share-issue-publicly' were created by the Jira plugin. Any authenticated Mattermost user (PR:L in the vector) can therefore craft a post whose action targets that endpoint; when a victim interacts with the post (UI:R), the plugin handles the action as if it were its own, potentially disclosing Jira ticket contents to the attacker. The data exposed lives in Jira rather than in Mattermost, which is why the vector is scope-changed (S:C).
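One way to express the missing origin check, as an added illustration that is not Mattermost's or the Jira plugin's code: the Post, PostAction and Plugin types, their field names, the "bot account created the post" test, the URL prefix and the issue key PROJ-123 are all assumptions constructed for this example. The vulnerable dispatcher forwards any action whose URL falls under the plugin's prefix; the fixed one first requires that the post carrying the action was created by the plugin itself.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Post is a stripped-down model of a chat post: who created it and which
// interactive actions it carries. Field names are this example's own
// assumptions, not Mattermost's schema.
type Post struct {
	ID      string
	UserID  string // account that created the post
	Actions []PostAction
}

// PostAction models a button on a post. Clicking it makes the server call
// IntegrationURL with Context on behalf of whoever clicked.
type PostAction struct {
	Name           string
	IntegrationURL string
	Context        map[string]string
}

// Plugin models a server plugin that owns a bot account and a URL prefix
// under which its endpoints are reachable (assumed names).
type Plugin struct {
	ID        string
	BotUserID string
	URLPrefix string
}

const shareIssuePath = "/share-issue-publicly"

var (
	errNotPluginAction = errors.New("action does not target a plugin endpoint")
	errUntrustedOrigin = errors.New("action targets a plugin endpoint but its post was not created by the plugin")
	errUnknownEndpoint = errors.New("unknown plugin endpoint")
)

// dispatchVulnerable reproduces the flaw the advisory describes: an action
// under the plugin's URL prefix is forwarded no matter who created the post.
func dispatchVulnerable(p Plugin, post Post, action PostAction, clicker string) (string, error) {
	if !strings.HasPrefix(action.IntegrationURL, p.URLPrefix) {
		return "", errNotPluginAction
	}
	return handleShareIssue(p, post, action, clicker)
}

// dispatchFixed adds the missing authorization step: a plugin-targeted action
// is honoured only if the post was created by the plugin's bot account, so an
// ordinary user's post that merely embeds the plugin URL is rejected before
// the endpoint runs.
func dispatchFixed(p Plugin, post Post, action PostAction, clicker string) (string, error) {
	if !strings.HasPrefix(action.IntegrationURL, p.URLPrefix) {
		return "", errNotPluginAction
	}
	if post.UserID != p.BotUserID {
		return "", errUntrustedOrigin
	}
	return handleShareIssue(p, post, action, clicker)
}

// handleShareIssue stands in for the plugin endpoint. Instead of touching Jira
// it reports what would happen: the issue named in the action context is
// shared publicly in the clicking user's name.
func handleShareIssue(p Plugin, post Post, action PostAction, clicker string) (string, error) {
	if action.IntegrationURL != p.URLPrefix+shareIssuePath {
		return "", errUnknownEndpoint
	}
	return fmt.Sprintf("%s shared publicly by %s via post %s",
		action.Context["issue_key"], clicker, post.ID), nil
}

// scenario runs a constructed attacker post and a constructed plugin post
// through both dispatchers and returns the outcomes for comparison.
func scenario() (vulnAttacker, fixedAttacker, fixedLegit error) {
	jira := Plugin{ID: "jira", BotUserID: "bot-jira", URLPrefix: "/plugins/jira"}
	action := PostAction{
		Name:           "Share publicly",
		IntegrationURL: jira.URLPrefix + shareIssuePath,
		Context:        map[string]string{"issue_key": "PROJ-123"}, // constructed key
	}
	attackerPost := Post{ID: "p1", UserID: "user-mallory", Actions: []PostAction{action}}
	legitPost := Post{ID: "p2", UserID: jira.BotUserID, Actions: []PostAction{action}}
	_, vulnAttacker = dispatchVulnerable(jira, attackerPost, action, "user-victim")
	_, fixedAttacker = dispatchFixed(jira, attackerPost, action, "user-victim")
	_, fixedLegit = dispatchFixed(jira, legitPost, action, "user-victim")
	return
}

func main() {
	v, fa, fl := scenario()
	fmt.Println("vulnerable dispatcher, attacker post:", v)
	fmt.Println("fixed dispatcher, attacker post:", fa)
	fmt.Println("fixed dispatcher, plugin post:", fl)
}
```

The point of the comparison is where the decision is made: the endpoint itself cannot tell a forged button from a real one, so the server-side dispatcher has to bind the action to the identity that created the post before handing it over. Whatever field the real fix keys on, the check belongs before the plugin code runs, not inside it.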
Recommendations

Update Mattermost to a version later than 10.11.7.
Update Mattermost to a version later than 10.12.3.
Update Mattermost to a version later than 11.0.5.
Update Mattermost to a version later than 11.1.0.
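A checker for the version list above, added here as an example rather than taken from the advisory or from Mattermost: it parses a release string, transcribes the four affected branches, and deliberately separates "patched" from "not listed", since the advisory enumerates only these branches and says nothing about others (10.10.x, for instance). The sample version strings in main are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// semver is the three-part form Mattermost releases use (10.11.7, 11.1.0).
type semver struct{ major, minor, patch int }

// parseVersion accepts "10.11.7", "v10.11.7" and "10.11.7-rc1"; anything
// else is an error rather than a guess.
func parseVersion(s string) (semver, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 { // drop pre-release/build suffix
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return semver{}, fmt.Errorf("version %q is not major.minor.patch", s)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return semver{}, fmt.Errorf("version %q has a non-numeric component %q", s, p)
		}
		nums[i] = n
	}
	return semver{nums[0], nums[1], nums[2]}, nil
}

// branch is one affected release line: every patch level of major.minor up
// to and including lastAffected is vulnerable.
type branch struct{ major, minor, lastAffected int }

// affectedBranches transcribes the advisory's version list.
var affectedBranches = []branch{
	{10, 11, 7}, // 10.11.x through 10.11.7
	{10, 12, 3}, // 10.12.x through 10.12.3
	{11, 0, 5},  // 11.0.x through 11.0.5
	{11, 1, 0},  // 11.1.x through 11.1.0
}

// Verdict keeps "patched" apart from "not in any listed branch": a version
// outside the enumerated branches cannot be declared safe from this list.
type Verdict int

const (
	Affected Verdict = iota
	Patched
	NotListed
)

func (v Verdict) String() string {
	return [...]string{"affected", "patched", "not listed in advisory"}[v]
}

// classify checks a version against the advisory's affected branches.
func classify(v semver) Verdict {
	for _, b := range affectedBranches {
		if v.major == b.major && v.minor == b.minor {
			if v.patch <= b.lastAffected {
				return Affected
			}
			return Patched
		}
	}
	return NotListed
}

func main() {
	// constructed sample inputs
	for _, s := range []string{"10.11.7", "v10.11.8", "11.1.0-rc1", "11.0.6", "10.10.4", "11.2"} {
		v, err := parseVersion(s)
		if err != nil {
			fmt.Println(s, "->", err)
			continue
		}
		fmt.Println(s, "->", classify(v))
	}
}
```

A pre-release such as 11.1.0-rc1 is treated as its base version and so reported as affected; that is the conservative reading, since the advisory gives no pre-release detail.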

Fix

A fix is available; update to one of the versions listed under Recommendations.

Weakness Enumeration

Incorrect Authorization (CWE-863)

Related Identifiers

CVE-2025-64641
GHSA-vww6-79rv-3j4x
GO-2025-4260
SUSE-SU-2026:0757-1

Affected Products

Jira Plugin
Mattermost