CVE-2025-20630
- EPSS 0.59%
- Veröffentlicht 16.01.2025 19:15:30
- Zuletzt bearbeitet 24.09.2025 16:42:32
Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel.
CVE-2025-20621
- EPSS 0.44%
- Veröffentlicht 16.01.2025 19:15:29
- Zuletzt bearbeitet 01.10.2025 17:54:41
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via cre...
CVE-2025-20072
- EPSS 0.51%
- Veröffentlicht 16.01.2025 18:15:28
- Zuletzt bearbeitet 24.09.2025 16:46:59
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.
CVE-2025-0476
- EPSS 0.35%
- Veröffentlicht 16.01.2025 00:15:25
- Zuletzt bearbeitet 24.09.2025 16:47:36
Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment
CVE-2025-20086
- EPSS 0.41%
- Veröffentlicht 15.01.2025 17:15:19
- Zuletzt bearbeitet 30.09.2025 15:51:23
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
CVE-2025-20088
- EPSS 0.54%
- Veröffentlicht 15.01.2025 17:15:19
- Zuletzt bearbeitet 01.10.2025 18:20:36
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
CVE-2025-21083
- EPSS 0.5%
- Veröffentlicht 15.01.2025 17:15:19
- Zuletzt bearbeitet 25.09.2025 19:14:15
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
CVE-2025-20036
- EPSS 0.5%
- Veröffentlicht 15.01.2025 17:15:18
- Zuletzt bearbeitet 25.09.2025 19:14:06
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
CVE-2025-21088
- EPSS 0.54%
- Veröffentlicht 15.01.2025 16:15:32
- Zuletzt bearbeitet 30.09.2025 15:52:59
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafte...
CVE-2025-20033
- EPSS 0.59%
- Veröffentlicht 09.01.2025 07:15:28
- Zuletzt bearbeitet 02.10.2025 17:26:14
Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_...