
CVE-2025-1558 – Denial of Service Via Malicious GIF
https://notcve.org/view.php?id=CVE-2025-1558
24 Mar 2025 — Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering, which allows a malicious user to cause the Android application to crash via a message containing a maliciously crafted GIF. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •

CVE-2025-1398 – macOS TCC Bypass via Code Injection
https://notcve.org/view.php?id=CVE-2025-1398
17 Mar 2025 — Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection. • https://mattermost.com/security-updates • CWE-426: Untrusted Search Path •

CVE-2025-20630 – Mobile crash via object that can't be cast to String in Attachment Field
https://notcve.org/view.php?id=CVE-2025-20630
16 Jan 2025 — Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile app to crash by creating and sending such a post to a channel. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •

CVE-2025-20072 – Mobile crash via improper validation of proto style in attachments
https://notcve.org/view.php?id=CVE-2025-20072
16 Jan 2025 — Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile app via crafted malicious input. • https://mattermost.com/security-updates • CWE-704: Incorrect Type Conversion or Cast •

CVE-2025-0476 – Mobile crash via file with specially crafted filename
https://notcve.org/view.php?id=CVE-2025-0476
15 Jan 2025 — Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •

CVE-2025-21083 – Insufficient Input Validation on Post Props
https://notcve.org/view.php?id=CVE-2025-21083
15 Jan 2025 — Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •

CVE-2025-20036 – Insufficient Input Validation on Post Props
https://notcve.org/view.php?id=CVE-2025-20036
15 Jan 2025 — Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •

CVE-2024-11358 – Insecure Android File Provider Paths
https://notcve.org/view.php?id=CVE-2024-11358
16 Dec 2024 — Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider. • https://mattermost.com/security-updates • CWE-284: Improper Access Control •

CVE-2024-45835 – Insufficient Electron Fuses Configuration
https://notcve.org/view.php?id=CVE-2024-45835
16 Sep 2024 — Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. • https://mattermost.com/security-updates • CWE-693: Protection Mechanism Failure •

CVE-2024-39772 – Silent Desktop Screenshot Capture
https://notcve.org/view.php?id=CVE-2024-39772
16 Sep 2024 — Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. • https://mattermost.com/security-updates • CWE-284: Improper Access Control •