CVE-2025-48731: Mattermost Confluence Plugin has Missing Authorization vulnerability

August 11, 2025

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to Confluence spaces, which allows attackers to edit subscriptions for Confluence spaces that users do not have access to through the edit subscription endpoint.

References

github.com/advisories/GHSA-cmpr-8prq-w5p5
github.com/mattermost/mattermost-plugin-confluence
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2025-48731

Code Behaviors & Features

Detect and mitigate CVE-2025-48731 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →