{"id":"CVE-2025-54478","details":"Mattermost Confluence Plugin version \u003c1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.","aliases":["GHSA-qpjq-c5hr-7925","GO-2025-3875"],"modified":"2026-04-10T05:29:35.772420Z","published":"2025-08-11T19:15:30.220Z","related":["openSUSE-SU-2025:15469-1"],"references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.5.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54478.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}