VYPR
Low severity · NVD Advisory · Published Aug 21, 2025 · Updated Aug 21, 2025

AI plugin APIs can be triggered using post actions

CVE-2025-47700

Description

Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies, which allows users to trick other users into clicking malicious links via post actions.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/mattermost/mattermost-server (Go) | >= 10.5.0, < 10.5.10 | 10.5.10
github.com/mattermost/mattermost/server/v8 (Go) | < 8.0.0-20250814075248-83a37a861d3c | 8.0.0-20250814075248-83a37a861d3c
