Platform: go
Component: github.com/mattermost/mattermost-server
Fixed in: 10.5.9, 10.5.10, 10.5.10+incompatible
CVE-2025-47700 is a Server-Side Request Forgery (SSRF) vulnerability in the Agents Plugin of Mattermost Server. The flaw allows an attacker to make the server issue network requests it did not intend to, which can lead to unauthorized access to internal resources. It affects Mattermost Server versions prior to 10.5.10+incompatible, and a patch has been released to address the issue.
The SSRF vulnerability in Mattermost Server's Agents Plugin lets an attacker craft requests that the server then sends on the attacker's behalf. Such requests can be used to scan internal networks, read data held by internal services, or interact with other internal systems. Although the CVSS score is LOW, the possibility of reaching internal resources from the server warrants prompt attention. The impact is larger if the Agents Plugin is configured to talk to external services, since an attacker could use the server's position to reach those services as well.
CVE-2025-47700 was publicly disclosed on 2025-08-29. No public proof-of-concept exploit is known, and the vulnerability is not listed in the CISA KEV catalog. Given the LOW CVSS score and the absence of public exploits, the probability of active exploitation is considered low, but proactive patching is still recommended.
Exploit Status
EPSS: 0.03% (10th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-47700 is to upgrade Mattermost Server to version 10.5.10+incompatible or later. If an immediate upgrade is not feasible, use network segmentation to restrict what the Agents Plugin can reach on the internal network, and review the plugin configuration so that it only interacts with trusted endpoints. Egress filtering (for example, a WAF or proxy that restricts outbound requests by URL pattern or hostname) adds a further layer of defense. After upgrading, verify the fix by attempting to trigger an SSRF request through the Agents Plugin and confirming that it is blocked.
Update Mattermost Server to version 10.10.0 or higher. This addresses the vulnerability that allows malicious links to be executed through publish actions; the update prevents the Agents plugin from processing empty request bodies, which blocks the attack.
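The interim mitigations above (restrict the plugin to trusted endpoints, keep outbound requests away from internal addresses) are the kind of control an SSRF-resistant outbound HTTP client enforces in code. The following Go program is an added example written for this page; it is not Mattermost code and says nothing about how the Agents Plugin is actually implemented. It validates a URL against a host allowlist, rejects any host that resolves to a loopback, private, link-local or unspecified address, and repeats the address check at dial time so that a DNS answer that changes between validation and connection cannot steer the request inward. The allowlist host `api.example.com`, the stub resolver and the sample URLs are constructed for the demonstration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// Resolver is injected so the validation logic can be exercised without live DNS.
type Resolver func(host string) ([]net.IP, error)

// isInternalIP reports whether ip lies in a range a server-initiated request should
// never reach: loopback, RFC 1918 / ULA private space, link-local (which includes the
// cloud metadata address range), unspecified and multicast.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() ||
		ip.IsUnspecified() || ip.IsMulticast()
}

// CheckOutboundTarget validates a URL the server is about to fetch on a user's behalf:
// only http/https, the host must be on the allowlist, and every address it resolves to
// must be external. An IP literal in the URL is treated as a host and must be allowlisted too.
func CheckOutboundTarget(raw string, allowedHosts map[string]bool, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("invalid url: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not permitted", u.Scheme)
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return errors.New("empty host")
	}
	if !allowedHosts[host] {
		return fmt.Errorf("host %q not on allowlist", host)
	}
	ips, err := resolve(host)
	if err != nil {
		return fmt.Errorf("resolve %q: %w", host, err)
	}
	if len(ips) == 0 {
		return fmt.Errorf("host %q resolved to no addresses", host)
	}
	for _, ip := range ips {
		if isInternalIP(ip) {
			return fmt.Errorf("host %q resolves to internal address %s", host, ip)
		}
	}
	return nil
}

// NewHardenedClient returns an http.Client whose dialer re-applies the allowlist and the
// internal-address check at connect time. Redirects also pass through DialContext, so a
// redirect to an internal host is blocked without a separate CheckRedirect hook.
func NewHardenedClient(allowedHosts map[string]bool) *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	transport := &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			host, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			if !allowedHosts[strings.ToLower(host)] {
				return nil, fmt.Errorf("dial to %q blocked: not on allowlist", host)
			}
			ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
			if err != nil {
				return nil, err
			}
			for _, ia := range ips {
				if isInternalIP(ia.IP) {
					return nil, fmt.Errorf("dial to %q blocked: resolves to %s", host, ia.IP)
				}
			}
			// Connect to the address just vetted instead of letting the dialer resolve again.
			return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
		},
	}
	return &http.Client{Transport: transport, Timeout: 10 * time.Second}
}

func main() {
	allowed := map[string]bool{"api.example.com": true}
	// Constructed resolver: the allowlisted host answers with a public test-net address.
	stub := func(host string) ([]net.IP, error) {
		if host == "api.example.com" {
			return []net.IP{net.ParseIP("203.0.113.10")}, nil
		}
		return []net.IP{net.ParseIP("10.0.0.5")}, nil
	}
	for _, target := range []string{
		"https://api.example.com/v1/status", // permitted
		"http://127.0.0.1:8065/api/v4/users", // loopback literal, not allowlisted
		"file:///etc/hostname",              // scheme not permitted
	} {
		fmt.Printf("%-40s -> %v\n", target, CheckOutboundTarget(target, allowed, stub))
	}
	_ = NewHardenedClient(allowed) // used for real fetches once a target passes the check
}
```

The two layers matter together: `CheckOutboundTarget` gives a clear error before any connection is attempted, while the dialer check is what actually prevents a rebinding or redirect from reaching an internal address, because every connection the client makes goes through it.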
CVE-2025-47700 is a Server-Side Request Forgery (SSRF) vulnerability in the Agents Plugin of Mattermost Server that allows an attacker to trigger unintended network requests from the server.
You are affected if you are running Mattermost Server versions prior to 10.5.10+incompatible and have the Agents Plugin enabled.
Upgrade Mattermost Server to version 10.5.10+incompatible or later. Consider network segmentation and WAF rules as interim mitigations.
Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2025-47700.
Refer to the official Mattermost security advisory for detailed information and updates: [https://mattermost.com/security/advisories/](https://mattermost.com/security/advisories/)