CVE-2025-0476

CWE-1287 CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 44.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Mattermost Mobile Mattermost Mattermost

Timeline

PublishedJan 16

Description

Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDmattermost/mattermost_mobile< 2.23.0

▶CVEListV5mattermost/mattermost2.22.0

🔴Vulnerability Details

GHSA

GHSA-2rqq-v9v7-f3mq: Mattermost Mobile Apps versions <=2↗2025-01-16

▶

CVEList

Mobile crash via file with specially crafted filename↗2025-01-15

▶

📋Vendor Advisories

Microsoft

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476.↗2024-06-11

▶