AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-31363: Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to

lowvulnerability

security

Source: NVD/CVE DatabaseApril 16, 2025CVE-2025-31363

Summary

Mattermost (a team communication platform) versions 10.4.2 and earlier, 10.5.0 and earlier, and 9.11.9 and earlier don't properly block which websites their built-in AI tool can contact. This allows logged-in users to use prompt injection (tricking the AI by hiding instructions in their input) to steal data from servers that the Mattermost system can access.

Vulnerability Details

CVSS Score

3(low)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

AI Component TargetedPlugin

Affected Vendors

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 85%