CVE-2025-30516

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications

CVSS v3 2.0 LOW

2.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*

History

24 Sep 2025, 14:57

Type	Values Removed	Values Added
References	~~() https://mattermost.com/security-updates -~~	() https://mattermost.com/security-updates - Vendor Advisory
First Time		Mattermost Mattermost mattermost Mobile
CPE		cpe:2.3:a:mattermost:mattermost_mobile::::::::

15 Apr 2025, 18:39

Type	Values Removed	Values Added
Summary		(es) Las versiones 2.25.0 o anteriores de las aplicaciones móviles de Mattermost no pueden finalizar las sesiones durante el cierre de sesión en determinadas condiciones (por ejemplo, mala conectividad), lo que permite que usuarios no autorizados en dispositivos compartidos accedan a contenido de notificaciones confidenciales a través de notificaciones móviles continuas.

14 Apr 2025, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-14 07:15

Updated : 2025-09-24 14:57

NVD link : CVE-2025-30516

Mitre link : CVE-2025-30516

CVE.ORG link : CVE-2025-30516

JSON object : View

Products Affected

mattermost

mattermost_mobile

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-30516", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-14T07:15:14.397", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Mattermost Mobile Apps versions <=2.25.0\u00a0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications"}, {"lang": "es", "value": "Las versiones 2.25.0 o anteriores de las aplicaciones m\u00f3viles de Mattermost no pueden finalizar las sesiones durante el cierre de sesi\u00f3n en determinadas condiciones (por ejemplo, mala conectividad), lo que permite que usuarios no autorizados en dispositivos compartidos accedan a contenido de notificaciones confidenciales a trav\u00e9s de notificaciones m\u00f3viles continuas."}], "lastModified": "2025-09-24T14:57:30.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCFF440F-7281-4970-926E-FE7C6388E3D2", "versionEndExcluding": "2.26.0"}], "operator": "OR"}]}], "sourceIdentifier": "responsibledisclosure@mattermost.com"}