CVE-2025-20630

CWE-12873 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 55.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost Mattermost MobileMattermost Mattermost
Timeline
PublishedJan 16

Description

Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5mattermost/mattermost<=2.22.0

🔴Vulnerability Details

2
GHSA
GHSA-93w4-x8jh-j7m2: Mattermost Mobile versions <=22025-01-16
CVEList
Mobile crash via object that can't be cast to String in Attachment Field2025-01-16
CVE-2025-20630 (HIGH CVSS 7.5) | Mattermost Mobile versions <=2.22.0 | cvebase.io