CVE-2025-54458: Mattermost Confluence Plugin has Missing Authorization vulnerability

August 11, 2025

Mattermost Confluence Plugin versions < 1.5.0 fails to check user access of the Confluence space, allowing attackers to create a subscription to a Confluence space the user does not have access to via the create subscription endpoint.

References

github.com/advisories/GHSA-j66h-xhpr-7q5g
github.com/mattermost/mattermost-plugin-confluence
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2025-54458

Code Behaviors & Features

Detect and mitigate CVE-2025-54458 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →