{"cve":{"cve_id":"CVE-2025-8285","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00184,"epss_percentile":0.08052,"epss_as_of":"2026-06-23","description":"Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.","published_at":"2025-08-11T18:57:07.701000Z","last_modified_at":null,"cvss_v3_score":4.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-862"],"nvd_references":["https://mattermost.com/security-updates"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:35.886271Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"mattermost","vendor_name":"Mattermost","product_slug":"mattermost-confluence-plugin","product_name":"Mattermost Confluence Plugin","version_start":"0","version_start_inclusive":true,"version_end":"1.5.0","version_end_inclusive":false,"cpe23_uri":"cve5:mattermost:mattermost-confluence-plugin:0:1.5.0"},{"vendor_slug":"mattermost","vendor_name":"Mattermost","product_slug":"mattermost-confluence-plugin","product_name":"Mattermost Confluence Plugin","version_start":"1.5.0","version_start_inclusive":true,"version_end":"1.5.0","version_end_inclusive":true,"cpe23_uri":"cve5:mattermost:mattermost-confluence-plugin:1.5.0:1.5.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://mattermost.com/security-updates","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-08-11T18:57:07.701000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:49:56.134173Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:49:56.134173Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:49:56.134173Z","label":"CVSS score revised","source":"cvelistv5"}]}