{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T12:31:10.633","vulnerabilities":[{"cve":{"id":"CVE-2025-31363","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2025-04-16T10:15:15.170","lastModified":"2025-09-29T21:24:36.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool."},{"lang":"es","value":"Las versiones de Mattermost 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 no restringen los dominios que LLM puede solicitar para contactar ascendentemente, lo que permite que un usuario autenticado extraiga datos de un servidor arbitrario accesible para la víctima mediante la realización de una inyección rápida en la herramienta Jira del complemento de IA."}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N","baseScore":3.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.11.0","versionEndExcluding":"9.11.10","matchCriteriaId":"73837B0A-0874-4B7D-8B09-D3CB7E249EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.4.0","versionEndExcluding":"10.4.3","matchCriteriaId":"F2ACE54D-3EC6-4AC9-B243-35E8FFBE0EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:10.5.0:-:*:*:*:*:*:*","matchCriteriaId":"FCB473B7-939A-437C-9488-980523F2B043"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}