CVE-2025-13321

Summary

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 6.0.0affected
MattermostMattermost6.0.0unaffected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log Files

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References