CVE-2025-30516

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
7.5HIGH
EPSS
0.2%
top 57.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mattermost Mattermost MobileMattermost Mattermost
Timeline
PublishedApr 14

Description

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.5 | Impact: 1.4

Affected Packages2 packages

CVEListV5mattermost/mattermost2.25.0

🔴Vulnerability Details

2
GHSA
GHSA-w8hx-xwgf-2m86: Mattermost Mobile Apps versions <=22025-04-14
CVEList
Unauthorized Notification Exposure in Mobile App Under Specific Conditions2025-04-14
CVE-2025-30516 (HIGH CVSS 7.5) | Mattermost Mobile Apps versions <=2 | cvebase.io