
CVE-2025-53857: Mattermost Confluence Plugin has Missing Authorization vulnerability

CVSS Score (v3.1): 3.7

Basic Information

EPSS Score: -
Published: 8/11/2025
Updated: 8/11/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Package Name: github.com/mattermost/mattermost-plugin-confluence
Ecosystem: go
Vulnerable Versions: < 1.5.0
First Patched Version: 1.5.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

CVE-2025-53857 is a missing authorization flaw in the Mattermost Confluence plugin; the advisory names the GET autocomplete/GetChannelSubscriptions endpoint. Comparing the commits between the last vulnerable release (v1.4.0) and the patched release (v1.5.0), I identified commit 39f67d31692578dee68722c28cf60f0c28b97ab9, titled "Security review fixes", as the primary patch for this issue.

The root cause is that the plugin never verified that the user making an API request is a member of the channel the request targets. A caller without access to a channel could therefore still retrieve that channel's subscription information.

The primary vulnerable function is handleGetChannelSubscriptions in server/get_subscriptions.go, which backs the endpoint named in the CVE. The change the commit makes to this function is lighter than the fixes applied to the other handlers, but it confirms that a channel access check was missing there.

The same commit also patched handleGetChannelSubscription, handleEditChannelSubscription, handleSaveSubscription and deleteSubscription by adding an explicit channel access check, hasChannelAccess. Missing authorization was therefore systemic across the plugin's subscription API rather than confined to a single endpoint, and all of these paths were addressed in the security update. The CVE description only highlights the information disclosure, but the patched handlers show that subscriptions could also be modified and deleted without access to the channel.
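The membership check the analysis describes, as an added example that is not the plugin's own code: a handler that only confirms the caller is logged in (the shape of the bug) beside a hardened one that gates the lookup on channel membership (the shape of the fix). The Subscription struct, the MembershipChecker interface with its in-memory fake, the channel_id query parameter and the sample data are assumptions; the handler and check names echo the ones named above but are not the plugin's implementation. The one real detail relied on is that the Mattermost server sets the Mattermost-User-Id header on authenticated requests it forwards to a plugin.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Subscription is a simplified stand-in for the plugin's channel-subscription
// record (assumption: the real struct carries more fields).
type Subscription struct {
	Alias     string `json:"alias"`
	ChannelID string `json:"channel_id"`
	SpaceKey  string `json:"space_key"`
}

// MembershipChecker abstracts the channel-membership lookup. The real plugin would
// ask the Mattermost server through the plugin API; this example uses an in-memory
// fake so it runs offline (assumption).
type MembershipChecker interface {
	IsChannelMember(channelID, userID string) bool
}

// fakeMembers maps channelID -> set of member userIDs (constructed test data).
type fakeMembers map[string]map[string]bool

func (f fakeMembers) IsChannelMember(channelID, userID string) bool {
	return f[channelID][userID]
}

// Plugin holds the membership oracle and the subscription store (simplified).
type Plugin struct {
	members MembershipChecker
	subs    map[string][]Subscription // channelID -> subscriptions
}

// userIDFrom returns the caller identity. Mattermost sets Mattermost-User-Id on
// requests it proxies to a plugin after authenticating the session; being
// authenticated says nothing about which channels the caller may read.
func userIDFrom(r *http.Request) string {
	return r.Header.Get("Mattermost-User-Id")
}

// handleGetChannelSubscriptionsVulnerable mirrors the pre-1.5.0 shape of the bug:
// the caller must be logged in, but membership of the requested channel is never
// checked, so any user can enumerate another channel's subscriptions.
func (p *Plugin) handleGetChannelSubscriptionsVulnerable(w http.ResponseWriter, r *http.Request) {
	if userIDFrom(r) == "" {
		http.Error(w, "Not authorized", http.StatusUnauthorized)
		return
	}
	channelID := r.URL.Query().Get("channel_id") // parameter name is an assumption
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(p.subs[channelID])
}

// hasChannelAccess is the explicit authorization check the patch introduced in
// spirit: the caller must be a member of the channel whose data is requested.
func (p *Plugin) hasChannelAccess(userID, channelID string) bool {
	if userID == "" || channelID == "" {
		return false
	}
	return p.members.IsChannelMember(channelID, userID)
}

// handleGetChannelSubscriptionsFixed performs the same lookup only after the
// membership check passes; a non-member gets 403 and learns nothing.
func (p *Plugin) handleGetChannelSubscriptionsFixed(w http.ResponseWriter, r *http.Request) {
	userID := userIDFrom(r)
	if userID == "" {
		http.Error(w, "Not authorized", http.StatusUnauthorized)
		return
	}
	channelID := r.URL.Query().Get("channel_id")
	if !p.hasChannelAccess(userID, channelID) {
		http.Error(w, "Forbidden", http.StatusForbidden)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(p.subs[channelID])
}

// probe drives a handler with an in-process request and returns the status code
// and how many subscriptions the response body disclosed.
func probe(h http.HandlerFunc, userID, channelID string) (int, int) {
	req := httptest.NewRequest(http.MethodGet, "/autocomplete/GetChannelSubscriptions?channel_id="+channelID, nil)
	req.Header.Set("Mattermost-User-Id", userID)
	rec := httptest.NewRecorder()
	h(rec, req)
	var got []Subscription
	_ = json.NewDecoder(rec.Body).Decode(&got) // error bodies fail to decode, leaving got empty
	return rec.Code, len(got)
}

// newDemoPlugin builds constructed sample data: channel "eng" has one member,
// "alice"; "mallory" is authenticated but not a member of "eng".
func newDemoPlugin() *Plugin {
	return &Plugin{
		members: fakeMembers{"eng": {"alice": true}},
		subs: map[string][]Subscription{
			"eng": {{Alias: "eng-space", ChannelID: "eng", SpaceKey: "ENG"}},
		},
	}
}

func main() {
	p := newDemoPlugin()
	for _, user := range []string{"alice", "mallory"} {
		vc, vn := probe(p.handleGetChannelSubscriptionsVulnerable, user, "eng")
		fc, fn := probe(p.handleGetChannelSubscriptionsFixed, user, "eng")
		fmt.Printf("%-8s vulnerable: %d (%d subs)  fixed: %d (%d subs)\n", user, vc, vn, fc, fn)
	}
}
```

Running it shows the difference that matters for this CVE: the vulnerable handler returns the "eng" subscriptions to mallory with a 200, while the fixed handler returns 403 and an empty body to her and still serves alice. The same hasChannelAccess gate belongs in front of the edit, save and delete handlers, which is what the commit did for the other four functions.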


WAF Protection Rules

WAF Rule

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to the channel, allowing attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
