
CVE-2025-53910: Mattermost Confluence Plugin has Missing Authorization vulnerability

CVSS Score: 4 (CVSS 3.1)

Basic Information

EPSS Score: -
Published: 8/11/2025
Updated: 8/11/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Package Name: github.com/mattermost/mattermost-plugin-confluence
Ecosystem: go
Vulnerable Versions: < 1.5.0
First Patched Version: 1.5.0

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability, described as a missing authorization issue, allowed users to create or edit channel subscriptions in the Mattermost Confluence Plugin without being a member of the respective channel. The analysis of the commits between the vulnerable version (v1.4.0) and the patched version (v1.5.0) revealed that the root cause was the absence of a channel access check in the API handlers responsible for managing subscriptions.

The primary fix was introduced in commit 39f67d31692578dee68722c28cf60f0c28b97ab9. This commit added a call to a new function, hasChannelAccess, within handleEditChannelSubscription (in server/edit_subscription.go) and handleSaveSubscription (in server/save_subscription.go). This check ensures that the user making the request is a member of the channel before allowing them to create or edit a subscription.

Other related commits introduced further security enhancements, such as requiring authentication for all API endpoints and restricting certain actions to system administrators. However, the core vulnerability of missing channel-level authorization was addressed by the introduction of the hasChannelAccess check in the aforementioned functions. Therefore, handleEditChannelSubscription and handleSaveSubscription are the identified vulnerable functions that would appear in a runtime profile during exploitation.
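The following Go handler is an added illustration of the defect and the fix described above; it is not the plugin's own code. The names hasChannelAccess and handleSaveSubscription are taken from the analysis, but their bodies, the isMember callback, the subscriptionRequest shape and the /api/v1/subscription path are assumptions made for this example. With checkAccess=false the handler accepts a subscription request for a channel the caller is not in; with checkAccess=true it refuses it.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
)

// isMember stands in for the platform call that reports channel membership
// (hypothetical signature, not the plugin's real API).
type isMember func(channelID, userID string) bool

type subscriptionRequest struct {
	ChannelID string `json:"channel_id"`
}

// hasChannelAccess is the check the fix added: the caller must be an
// authenticated user who is a member of the channel named in the request.
func hasChannelAccess(member isMember, userID, channelID string) bool {
	return userID != "" && member(channelID, userID)
}

// handleSaveSubscription models the subscription handler: checkAccess=false
// reproduces the vulnerable behaviour, checkAccess=true the patched one.
func handleSaveSubscription(member isMember, checkAccess bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var req subscriptionRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.ChannelID == "" {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		// Mattermost-User-Id is set by the server for a logged-in caller, empty otherwise.
		userID := r.Header.Get("Mattermost-User-Id")
		if checkAccess && !hasChannelAccess(member, userID, req.ChannelID) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// saveAs sends one subscription request as userID and returns the HTTP status.
func saveAs(h http.HandlerFunc, userID, body string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/v1/subscription", strings.NewReader(body))
	req.Header.Set("Mattermost-User-Id", userID)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}
```

A membership check of this kind belongs in every handler that binds state to a channel, which is why the analysis names both handleSaveSubscription and handleEditChannelSubscription.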


WAF Protection Rules

WAF Rule

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to the channel, allowing attackers to create a channel subscription without proper access to the channel via an API call to the edit channel subscription endpoint.
