CVE-2025-58084

CWE-1287 | 3 documents | 3 sources

Severity: 6.5 MEDIUM
EPSS: 0.1% (top 81.95%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Oct 13

Description

Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Exploitability: 2.1 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: mattermost/mattermost 5.13.0

Vulnerability Details (2)

CVEList: Mattermost Desktop App crashes when clicking on malformed external URL (2025-10-13)
GHSA: GHSA-c8m2-cx6j-jf7p: Mattermost Desktop App versions <= 5 (2025-10-13)
CVE-2025-58084 (MEDIUM CVSS 6.5) | Mattermost Desktop App versions <= | cvebase.io