First published: Wed Jan 15 2025
Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opens a channel containing the specially crafted attachment.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mobile app | <=2.22.0 | |
Update Mattermost Mobile Apps to versions 2.23.0 or higher.
CVE-2025-0476 is considered a high severity vulnerability due to the potential for app crashes affecting multiple users.
To fix CVE-2025-0476, update the Mattermost Mobile Apps to version 2.22.1 or later.
Mattermost Mobile Apps versions up to and including 2.22.0 are affected by CVE-2025-0476.
CVE-2025-0476 enables an attacker to crash the Mattermost Mobile app for users who open a channel with a specially crafted attachment.
There is no documented workaround for CVE-2025-0476, so it is recommended to update to the fixed version as soon as possible.