CVE-2025-31363

LOW Year: 2025
CVSS v3 Score
3.0
Low
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an arbitrary server accessible to the victim via performing a prompt injection in the AI plugin's Jira tool.

Related Vulnerabilities

CVE-2016-3490

LOW
CVSS:3.0(Low)

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote...

NVD-CWE-Other2016

CVE-2020-14818

LOW
CVSS:3.0(Low)

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with...

NVD-CWE-Other2020

CVE-2022-22460

LOW
CVSS:3.0(Low)

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013.

NVD-CWE-Other2022

CVE-2024-20910

LOW
CVSS:3.0(Low)

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker ...

NVD-CWE-Other2024

CVE-2024-21257

LOW
CVSS:3.0(Low)

Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows ...

NVD-CWE-Other2024

CVE-2016-3426

LOW
CVSS:3.1(Low)

Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.

NVD-CWE-Other2016