CVE-2025-30516

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications

CVSS v3 2.0 LOW

2.0^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates

Configurations

No configuration.

History

15 Apr 2025, 18:39

Type	Values Removed	Values Added
Summary		(es) Las versiones 2.25.0 o anteriores de las aplicaciones móviles de Mattermost no pueden finalizar las sesiones durante el cierre de sesión en determinadas condiciones (por ejemplo, mala conectividad), lo que permite que usuarios no autorizados en dispositivos compartidos accedan a contenido de notificaciones confidenciales a través de notificaciones móviles continuas.

14 Apr 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-14 07:15

Updated : 2025-04-15 18:39

NVD link : CVE-2025-30516

Mitre link : CVE-2025-30516

CVE.ORG link : CVE-2025-30516

JSON object : View

Products Affected

No product.

CWE

CWE-613

Insufficient Session Expiration

2.0 /10