CVE-2025-1398

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1398
Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://mattermost.com/security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
History

25 Sep 2025, 19:14

Type Values Removed Values Added
References () https://mattermost.com/security-updates - () https://mattermost.com/security-updates - Vendor Advisory
First Time Apple
Apple macos
Mattermost mattermost Desktop
Mattermost
CPE cpe:2.3:a:mattermost:mattermost_desktop:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

31 Mar 2025, 16:15

Type Values Removed Values Added
Summary
  • (es) Las versiones &lt;=5.10.0 de Mattermost Desktop App declararon explícitamente derechos innecesarios de macOS que permiten a un atacante con acceso remoto eludir la Transparencia, el Consentimiento y el Control (TCC) mediante la inyección de código.

17 Mar 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-17 15:15

Updated : 2025-09-25 19:14

NVD link : CVE-2025-1398

Mitre link : CVE-2025-1398

CVE.ORG link : CVE-2025-1398

JSON object : View

Products Affected

apple

  • macos

mattermost

  • mattermost_desktop
CWE
CWE-426

Untrusted Search Path