CVE-2025-27936

Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:ms_teams::::::::

History

No history.

Information

Published : 2025-04-16 10:15

Updated : 2026-01-14 14:29

NVD link : CVE-2025-27936

Mitre link : CVE-2025-27936

CVE.ORG link : CVE-2025-27936

JSON object : View

Products Affected

mattermost

ms_teams
mattermost_server

CWE

CWE-208

Observable Timing Discrepancy

{"id": "CVE-2025-27936", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2025-04-16T10:15:14.797", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-208"}]}], "descriptions": [{"lang": "en", "value": "Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server\u00a0versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows\u00a0an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison."}, {"lang": "es", "value": "Las versiones <2.1.0 de Mattermost Plugin MSTeams y las versiones 10.5.x <=10.5.1 de Mattermost Server con el complemento MS Teams habilitado no pueden realizar una comparaci\u00f3n de tiempo constante en un secreto de webhook del complemento MSTeams, lo que permite que un atacante recupere el secreto de webhook del complemento MSTeams a trav\u00e9s de un ataque de tiempo durante la comparaci\u00f3n del secreto de webhook."}], "lastModified": "2026-01-14T14:29:28.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DE93CBC-B6CE-4E53-8F2E-2E7994AD9E9E", "versionEndExcluding": "10.5.2"}, {"criteria": "cpe:2.3:a:mattermost:ms_teams:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "871A9BE2-E180-45D7-B126-345AE4280A0B", "versionEndExcluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "responsibledisclosure@mattermost.com"}