Mattermost Mobile
CVE-2025-20630
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel.
AnalysisAI
Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1287. Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel. Affected products include: Mattermost Mattermost Mobile.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Mattermost Mobile
View allAn issue was discovered in Mattermost Mobile Apps before 1.29.0. Rated high severity (CVSS 7.5), this vulnerability is r
An issue was discovered in Mattermost Mobile Apps before 1.30.0. Rated high severity (CVSS 7.5), this vulnerability is r
Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a maliciou
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually cam
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain d
Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows a
Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. Rated l
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, whic
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today