CVE-2025-14273
Mattermost Jira plugin user spoofing enables Jira request forgery.Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555
We have discovered 67 live websites that are affected by CVE-2025-14273.
Affected Software
| Product |  Mattermost |
| Category | Message Boards |
| Vulnerable Domains | 67 live websites (16% of Mattermost install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 11 versions ( 16% of all versions) |
Common Weakness Enumeration
CWE-303 Incorrect Implementation of Authentication AlgorithmDetails
- Published - Dec 22, 2025
- Updated - Dec 22, 2025
Credits
- Juho Forsén (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-14273 United States | 13 websites |
 Germany | 26 websites |
 France | 7 websites |
 GB | 5 websites |
 Argentina | 2 websites |
 Netherlands | 2 websites |
 Russia | 2 websites |
 Australia | 1 websites |
 Bangladesh | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-14273| .com | 17 websites |
| .de | 14 websites |
| .org | 7 websites |
| .fr | 4 websites |
| .ru | 3 websites |
| .co.uk | 2 websites |
| .info | 2 websites |
| .net | 2 websites |
| .co | 1 websites |
| .edu | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-14273
Top websites that are affected by CVE-2025-14273. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | Germany | ***,*** | |
| ****.*******.com | GB | ***,*** | |
| ****.*******.com | Germany | *,***,*** | |
| ****.**************.de | Germany | *,***,*** | |
| *******.org | Germany | *,***,*** | |
| ******.***************.com | United States | **,***,*** | |
| *****.********.org | United States | **,***,*** | |
| ****.***.ai | United States | **,***,*** | |
| **********.*******.org | Germany | **,***,*** | |
| ****.******.fr | Germany | **,***,*** |
FAQ
CVE-2025-14273 is Incorrect Implementation of Authentication Algorithm in Mattermost
A total of 67 websites have been identified as vulnerable to CVE-2025-14273, based on global website indexing conducted by WebTechSurvey.
The Mattermost is affected by the CVE-2025-14273 vulnerability.
Mattermost versions up to and including 11.1 are vulnerable to CVE-2025-14273.