Skip to main content

Mattermost Desktop CVE-2025-1398

LOW
Untrusted Search Path (CWE-426)
2025-03-17 responsibledisclosure@mattermost.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 28, 2026 - 18:31 vuln.today
CVE Published
Mar 17, 2025 - 15:15 nvd
LOW 3.3

DescriptionCVE.org

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

AnalysisAI

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-426. Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection. Affected products include: Mattermost Mattermost Desktop.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-39613 HIGH
7.8 Sep 16

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a

CVE-2026-1046 HIGH
7.6 Feb 16

Arbitrary code execution in Mattermost Desktop App through version 6.2.0 results from insufficient validation of help me

CVE-2020-14456 HIGH
7.3 Jun 19

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated high severity (CVSS 7.3), this vulnerability is re

CVE-2024-45835 MEDIUM
6.5 Sep 16

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather

CVE-2020-14455 MEDIUM
6.5 Jun 19

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated medium severity (CVSS 6.5), this vulnerability is

CVE-2024-37182 MEDIUM
6.1 Jun 14

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows

CVE-2020-14454 MEDIUM
6.1 Jun 19

An issue was discovered in Mattermost Desktop App before 4.4.0. Rated medium severity (CVSS 6.1), this vulnerability is

CVE-2023-5339 MEDIUM
5.5 Oct 17

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in loggin

CVE-2023-2000 MEDIUM
5.4 May 02

Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website. Rated me

CVE-2024-39772 MEDIUM
5.3 Sep 16

Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silen

CVE-2023-5876 MEDIUM
5.3 Nov 02

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enro

CVE-2023-5875 MEDIUM
5.3 Nov 02

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowi

Share

CVE-2025-1398 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy