CVE-2025-20036

CWE-12873 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 42.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost Mattermost MobileMattermost Mattermost
Timeline
PublishedJan 15

Description

Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mattermost/mattermost2.22.0

🔴Vulnerability Details

2
GHSA
GHSA-7w4f-5rcv-q8pc: Mattermost Mobile Apps versions <=22025-01-15
CVEList
Insufficient Input Validation on Post Props2025-01-15
CVE-2025-20036 (MEDIUM CVSS 6.5) | Mattermost Mobile Apps versions <=2 | cvebase.io