CVE-2025-20072

CWE-7043 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 54.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost Mattermost MobileMattermost Mattermost
Timeline
PublishedJan 16

Description

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mattermost/mattermost2.22.0

🔴Vulnerability Details

2
CVEList
Mobile crash via improper validation of proto style in attachments2025-01-16
GHSA
GHSA-778q-j98c-h63p: Mattermost Mobile versions <= 22025-01-16
CVE-2025-20072 (HIGH CVSS 7.5) | Mattermost Mobile versions <= 2.22. | cvebase.io