Low severityNVD Advisory· Published Mar 17, 2025· Updated Mar 31, 2025

macOS TCC Bypass via Code Injection

CVE-2025-1398

Description

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mattermost-desktopnpm	< 5.11.0	5.11.0

Affected products

Mattermost/Mattermostv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xmvv-w44w-j8wxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-1398ghsaADVISORY
mattermost.com/security-updatesghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000