Mobile Application Crashes Due to Improper Handling of Posts in Mattermost
CVE-2025-20630

6.5MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost
Vendor: CVE Published:; 16 January 2025

Summary

Mattermost Mobile versions up to 2.22.0 contain a vulnerability that improperly handles posts with non-string attachments. This flaw can lead to a crash of the mobile application when a user receives a malicious post in a channel, jeopardizing the app's stability and user experience. It is crucial for users to stay informed and update to secure versions to mitigate this risk.

Affected Version(s)

Mattermost 0

Mattermost 2.23.0

References

https://mattermost.com/security-updates

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

c0rydoras (c0rydoras)