CVE-2025-27936

Published Apr 16, 2025

Last updated 2 months ago

CVSS medium 5.3

Overview

Description
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.
Source
responsibledisclosure@mattermost.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
3.6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

responsibledisclosure@mattermost.com
CWE-208

Social media

Hype score
Not currently trending

  1. CVE-2025-27936 Mattermost Plugin MSTeams versions &lt;2.1.0 and Mattermost Server versions 10.5.x &lt;=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on … https://t.co/M7H2aVnRel

    @CVEnew

    16 Apr 2025

    408 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.