CVE-2025-8285: Mattermost Confluence Plugin has Missing Authorization vulnerability

August 11, 2025

Mattermost Confluence Plugin versions < 1.5.0 fail to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.

References

github.com/advisories/GHSA-qjrx-j8wm-xf83
github.com/mattermost/mattermost-plugin-confluence
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2025-8285

Code Behaviors & Features

Detect and mitigate CVE-2025-8285 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →