Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict the domains the LLM can request to contact upstream, which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim by performing a prompt injection in the AI plugin's Jira tool.

Fixes

Solution

Update Mattermost to versions 10.6.0, 10.4.3, 10.5.1, 9.11.10 or higher.

Workaround

No workaround given by the vendor.

References

History

Mon, 29 Sep 2025 21:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Mattermost; Mattermost mattermost Server
Weaknesses           -                NVD-CWE-Other
CPEs                 -                cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
                                      cpe:2.3:a:mattermost:mattermost_server:10.5.0:-:*:*:*:*:*:*
Vendors & Products   -                Mattermost; Mattermost mattermost Server

Wed, 16 Apr 2025 09:30:00 +0000

Type                 Values Removed   Values Added
Description          -                Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict the domains the LLM can request to contact upstream, which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim by performing a prompt injection in the AI plugin's Jira tool.
Title                -                Data exfiltration via AI plugin Jira tool
Weaknesses           -                CWE-1426
References           -                -
Metrics              -                cvssV3_1: {'score': 3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Mattermost

Published:

Updated: 2025-04-16T14:33:01.674Z

Reserved: 2025-04-08T07:50:19.617Z

Link: CVE-2025-31363

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2025-04-16T10:15:15.170

Modified: 2025-09-29T21:24:36.903

Link: CVE-2025-31363

Redhat

No data.

OpenCVE Enrichment

No data.