VYPR

Mattermost Mobile Apps

by Mattermost

CVEs (23)

  • CVE-2024-3872 · Low · Apr 16, 2024
    risk 0.20 · cvss 3.1 · epss 0.00

    Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.

  • CVE-2025-30516 · Low · Apr 14, 2025
    risk 0.06 · cvss 2.0 · epss 0.00

    Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications.

  • CVE-2025-59480 · Nov 13, 2025
    risk 0.00 · cvss · epss 0.00

    Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses.
