CVE-2025-8285 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-8285 Interim 1 2 2025-11-01T01:02:02Z current 2025-09-22T08:07:31Z 2025-11-01T01:02:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-8285 Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed govulncheck-vulndb-0.0.20250818T190335-1.1 govulncheck-vulndb-0.0.20250818T190335-1.1 as a component of openSUSE Tumbleweed Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. CVE-2025-8285 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250818T190335-1.1 moderate 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N