CVE-2025-30516

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications

CVSS v3 2.0 LOW

2.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-14 07:15

Updated : 2025-09-24 14:57

NVD link : CVE-2025-30516

Mitre link : CVE-2025-30516

CVE.ORG link : CVE-2025-30516

JSON object : View

Products Affected

mattermost

mattermost_mobile

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-30516", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-14T07:15:14.397", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Mattermost Mobile Apps versions <=2.25.0\u00a0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications"}, {"lang": "es", "value": "Las versiones 2.25.0 o anteriores de las aplicaciones m\u00f3viles de Mattermost no pueden finalizar las sesiones durante el cierre de sesi\u00f3n en determinadas condiciones (por ejemplo, mala conectividad), lo que permite que usuarios no autorizados en dispositivos compartidos accedan a contenido de notificaciones confidenciales a trav\u00e9s de notificaciones m\u00f3viles continuas."}], "lastModified": "2025-09-24T14:57:30.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCFF440F-7281-4970-926E-FE7C6388E3D2", "versionEndExcluding": "2.26.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}