CVE-2025-1398

Summary

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 5.10.0affected
MattermostMattermost5.11.0unaffected

Weaknesses

  • CWE-426: CWE-426: Untrusted Search Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References