CVE-2025-13767

4.3 MEDIUM

📋 TL;DR

This vulnerability allows authenticated Mattermost users with Jira plugin access to read posts and attachments from channels they shouldn't have access to. It affects Mattermost instances with the Jira integration enabled where users can attach posts to Jira issues. The issue occurs when the system fails to validate proper channel membership during this attachment process.

💻 Affected Systems

Products:
  • Mattermost
Versions: 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7
Operating Systems: All platforms running affected Mattermost versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Jira plugin to be installed and enabled. Users must have access to both Mattermost and the Jira integration feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could systematically exfiltrate sensitive information from private channels, including confidential discussions, file attachments, and proprietary data, leading to data breaches and compliance violations.

🟠 Likely Case

Users with legitimate access to the Jira plugin accidentally or intentionally view content from channels they should not be able to access, potentially exposing internal communications or sensitive project information.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated incidents that can be quickly detected and contained through audit logs.

🌐 Internet-Facing: MEDIUM - While exploitation requires authentication, internet-facing instances are accessible to attackers who obtain valid credentials through other means.
🏢 Internal Only: HIGH - Internal users with legitimate access can exploit this vulnerability to access sensitive information beyond their authorization level.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Exploitation requires only authenticated access and knowledge of how to attach posts to Jira issues.

Exploitation is straightforward for users with legitimate access to the Jira plugin functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Mattermost 11.1.1, 11.0.6, 10.12.4, or 10.11.8

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Back up your Mattermost instance and database.
2. Download the patched version from the Mattermost downloads page.
3. Stop the Mattermost service.
4. Replace the installation with the patched version.
5. Restart the Mattermost service.
6. Verify that the version has been updated.

🔧 Temporary Workarounds

Disable Jira Integration

Platform: all

Temporarily disable the Jira plugin to prevent exploitation while planning for patching:

mmctl plugin disable jira

Restrict Jira Plugin Access

Platform: all

Limit which users have access to the Jira plugin functionality to reduce the attack surface. Note that mmctl plugin enable takes only plugin IDs (there is no --channel-team-only flag), so this restriction is applied through the Jira plugin's own settings rather than an mmctl flag.

🧯 If You Can't Patch

  • Implement strict access controls and audit logging for Jira plugin usage
  • Monitor for unusual patterns of post attachments to Jira issues from users

🔍 How to Verify

Check if Vulnerable:

Check Mattermost version via System Console > About or run: mmctl version

Check Version:

mmctl version

Verify Fix Applied:

Verify that the running version is 11.1.1, 11.0.6, 10.12.4, or 10.11.8, or a later release on the same branch.

📡 Detection & Monitoring

Log Indicators:

  • Unusual patterns of post attachments to Jira issues
  • Users accessing posts from channels they aren't members of

Network Indicators:

  • Increased API calls to Jira integration endpoints

SIEM Query:

source="mattermost" AND (event="post_attached_to_jira" OR event="jira_plugin_used") | stats count by user, channel
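As an added example (not part of this advisory), the following Python implements the two log indicators above over constructed audit-style lines: it flags attach events where the acting user is not a member of the post's channel, and users with an unusually high attach volume. The event and field names are assumptions taken from the SIEM query above, not Mattermost's real audit format.

```python
import json
from collections import Counter

# Constructed sample data for this example. The event and field names mirror
# the SIEM query above; they are assumptions, not Mattermost's real audit schema.
CHANNEL_MEMBERS = {
    "town-square": {"alice", "bob", "carol"},
    "finance-private": {"alice"},
    "legal-private": {"carol"},
}

AUDIT_LINES = [
    '{"event":"post_attached_to_jira","user":"alice","channel":"finance-private","post_id":"p1","issue":"FIN-12"}',
    '{"event":"post_attached_to_jira","user":"bob","channel":"finance-private","post_id":"p2","issue":"OPS-3"}',
    '{"event":"post_attached_to_jira","user":"bob","channel":"legal-private","post_id":"p3","issue":"OPS-4"}',
    '{"event":"post_attached_to_jira","user":"bob","channel":"town-square","post_id":"p4","issue":"OPS-5"}',
    '{"event":"jira_plugin_used","user":"carol","channel":"legal-private","post_id":"p5","issue":"LEG-1"}',
    'not json at all',
]

ATTACH_EVENT = "post_attached_to_jira"


def parse_events(lines):
    """Yield parsed attach events, skipping malformed lines and other event types."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # one bad line must not abort the whole sweep
        if ev.get("event") == ATTACH_EVENT:
            yield ev


def find_cross_channel_attachments(lines, members):
    """Return (user, channel, post_id) for attachments where the acting user is
    not a member of the channel the post lives in: the symptom of this CVE."""
    hits = []
    for ev in parse_events(lines):
        user, channel = ev.get("user"), ev.get("channel")
        if user not in members.get(channel, set()):
            hits.append((user, channel, ev.get("post_id")))
    return hits


def heavy_attachers(lines, threshold):
    """Return users whose attach-event count exceeds threshold (volume anomaly)."""
    counts = Counter(ev.get("user") for ev in parse_events(lines))
    return {u: n for u, n in counts.items() if n > threshold}
```

The membership snapshot would in practice be pulled from the Mattermost API or database at the time of the sweep, since membership changes after the event would otherwise mask or create hits.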
