PT-2025-16220 · Mattermost · Mattermost Mobile Apps
Elias Nahum · Published 2025-04-14 · Updated 2025-09-24 · CVE-2025-30516
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Mattermost Mobile Apps versions <=2.25.0
Description:
The issue arises when Mattermost Mobile Apps fail to terminate sessions during logout under certain conditions, such as poor connectivity, allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications.
Recommendations:
For Mattermost Mobile Apps versions <=2.25.0, update to a version higher than 2.25.0 to ensure proper session termination during logout.
Fix
LPE
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost Mobile Apps