Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool.
Metrics
Affected Vendors & Products
Fixes
Solution
Update Mattermost to versions 10.6.0, 10.4.3, 10.5.1, 9.11.10 or higher.
Workaround
No workaround given by the vendor.
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
![]() ![]() |
History
Mon, 29 Sep 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* cpe:2.3:a:mattermost:mattermost_server:10.5.0:-:*:*:*:*:*:* |
|
Vendors & Products |
Mattermost
Mattermost mattermost Server |
Wed, 16 Apr 2025 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool. | |
Title | Data exfiltration via AI plugin Jira tool | |
Weaknesses | CWE-1426 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-04-16T14:33:01.674Z
Reserved: 2025-04-08T07:50:19.617Z
Link: CVE-2025-31363

No data.

Status : Analyzed
Published: 2025-04-16T10:15:15.170
Modified: 2025-09-29T21:24:36.903
Link: CVE-2025-31363

No data.

No data.