
We found results for “”
CVE-2025-47700
Good to know:

Date: August 21, 2025
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions
Severity Score
Severity Score
Weakness Type (CWE)
Server-Side Request Forgery (SSRF)
CWE-918Top Fix

Upgrade Version
Upgrade to version github.com/mattermost/mattermost - v10.5.10;github.com/mattermost/mattermost-server - v10.5.10;github.com/mattermost/mattermost/server/v8 - v8.0.0-20250814075248-83a37a861d3c
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |