Mattermost: >> Mattermost Mobile >> 2.25.0 Security Vulnerabilities
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-13
Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications
CVSS Score
2.0
EPSS Score
0.002
Published
2025-04-14
Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-24