PT-2025-11503 · Mattermost · Mattermost Desktop App

Nullevent · Published 2025-03-17 · Updated 2025-03-17 · CVE-2025-1398

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mattermost Desktop App versions <=5.10.0

Description

The issue allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection due to explicitly declared unnecessary macOS entitlements.

Recommendations

For Mattermost Desktop App versions <=5.10.0, update to a version higher than 5.10.0 to resolve the issue. As a temporary workaround, consider restricting remote access to the application until a patch is available.

Fix

Untrusted Search Path


Weakness Enumeration

Related Identifiers

BDU:2025-16009
CVE-2025-1398
GHSA-XMVV-W44W-J8WX

Affected Products

Mattermost Desktop App