CVE-2025-13326

CWE-6934 documents4 sources

Severity

3.9LOW

EPSS

0.0%

top 96.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Mattermost Desktop Mattermost Mattermost

Timeline

PublishedDec 17

Description

Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 1.3 | Impact: 2.5

Affected Packages2 packages

▶NVDmattermost/mattermost_desktop< 6.0.0

▶CVEListV5mattermost/mattermost6.0.0

🔴Vulnerability Details

CVEList

Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store↗2025-12-17

▶

GHSA

GHSA-4m4m-vm74-rqv4: Mattermost Desktop App versions <6↗2025-12-17

▶

🕵️Threat Intelligence

Wiz

CVE-2025-13326 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶