CVE-2025-13321

Severity
3.3 LOW
EPSS
0.0%
top 95.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 17

Description

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and fail to clear data on server deletion, which allows an attacker with access to the user's system to gain access to potentially sensitive information by reading the application logs.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages: 3 packages

🔴 Vulnerability Details

3
CVEList
Mattermost Desktop App logging sensitive information and fails to clear data on server deletion (2025-12-17)
GHSA
Mattermost Desktop App exposes sensitive information in its application logs (2025-12-17)
OSV
Mattermost Desktop App exposes sensitive information in its application logs (2025-12-17)

🕵️ Threat Intelligence

1
Wiz
CVE-2025-13321 Impact, Exploitability, and Mitigation Steps | Wiz