CVE-2025-64641

🗓️ 24 Dec 2025 08:02:55Reported by MattermostType

Mattermost Jira plugin flaw lets exfiltrate Jira tickets via crafted post action in older Mattermost versions.

Reporter	Title	Published	Views	Family All 111
Circl	CVE-2025-64641	24 Dec 202510:27	–	circl
CNNVD	Mattermost 安全漏洞	24 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-64641 Mattermost Jira plugin crafted action leaks Jira issue details	24 Dec 202508:02	–	cvelist
EUVD	EUVD-2025-205062	24 Dec 202508:02	–	euvd
Github Security Blog	Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin	24 Dec 202509:30	–	github
NVD	CVE-2025-64641	24 Dec 202508:15	–	nvd
OSV	GHSA-VWW6-79RV-3J4X Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin	24 Dec 202509:30	–	osv
OSV	GO-2025-4260 Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin in github.com/mattermost/mattermost-server	26 Feb 202616:27	–	osv
OSV	SUSE-SU-2026:0757-1 Security update for govulncheck-vulndb	3 Mar 202611:34	–	osv
Positive Technologies	PT-2020-8419	19 Jun 202000:00	–	ptsecurity

NVD

Node

mattermost mattermost_serverRange10.11.0–10.11.8

mattermost mattermost_serverRange10.12.0–10.12.4

mattermost mattermost_serverRange11.0.0–11.0.6

mattermost mattermost_serverRange11.1.0–11.1.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "11.1.0",
        "status": "affected",
        "version": "11.1.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "11.0.5",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.12.3",
        "status": "affected",
        "version": "10.12.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.11.7",
        "status": "affected",
        "version": "10.11.0",
        "versionType": "semver"
      },
      {
        "version": "11.2.0",
        "status": "unaffected"
      },
      {
        "version": "11.1.1",
        "status": "unaffected"
      },
      {
        "version": "11.0.6",
        "status": "unaffected"
      },
      {
        "version": "10.12.4",
        "status": "unaffected"
      },
      {
        "version": "10.11.8",
        "status": "unaffected"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

31 Dec 2025 18:55Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.1

EPSS0.00029

SSVC

CWE-863