CVE-2025-27936— Webhook Secret Exposure via Timing attack in MSteams plugin
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-27936
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Webhook Secret Exposure via Timing attack in MSteams plugin
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过时间差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mattermost Plugin MSTeams 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mattermost Plugin MSTeams是美国Mattermost公司的一个Mattermost插件。 Mattermost Plugin MSTeams 2.1.0之前版本存在安全漏洞,该漏洞源于webhook密钥比较未使用恒定时间算法,可能导致密钥泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mattermost | Mattermost | 10.5.0 ~ 10.5.1 | - |
II. Public POCs for CVE-2025-27936
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-27936
请登录查看更多情报信息。
Same Patch Batch · Mattermost · 2025-04-16 · 6 CVEs total
| CVE-2025-27571 | 4.3 MEDIUM | Channel metadata visible in archived channels despite configuration setting |
| CVE-2025-2564 | 4.3 MEDIUM | Unauthorized View Access to Archived Channel Member Info |
| CVE-2025-24839 | 3.1 LOW | Unauthorized AI bot activation via Wrangler plugin |
| CVE-2025-31363 | 3.0 LOW | Data exfiltration via AI plugin Jira tool |
| CVE-2025-27538 | 2.2 LOW | MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users |
IV. Related Vulnerabilities
Same product: Mattermost
- CVE-2026-3590
Race Condition in Guest Magic Link Authentication Allows Tok - CVE-2026-28741
CSRF Protection Bypass Allows Updating a User's Authenticati - CVE-2026-27769
Connected Workspaces: Malicious remote server can manipulate - CVE-2026-24661
Unbounded Request Body Read in MS Teams Plugin {{/changes}} - CVE-2026-21388
Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}
Same vendor: Mattermost
- CVE-2026-3590
Race Condition in Guest Magic Link Authentication Allows Tok - CVE-2026-28741
CSRF Protection Bypass Allows Updating a User's Authenticati - CVE-2026-27769
Connected Workspaces: Malicious remote server can manipulate - CVE-2026-24661
Unbounded Request Body Read in MS Teams Plugin {{/changes}} - CVE-2026-21388
Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}
Same weakness: CWE-208
- CVE-2026-41588
RELATE: Timing Attack Vulnerability in course/auth.py — chec - CVE-2026-41161
Username Enumeration via Timing Attack - CVE-2026-33006
Apache HTTP Server: mod_auth_digest timing attack - CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-41407
OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret C
V. Comments for CVE-2025-27936
No comments yet