CVE-2025-1558

Summary

Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 2.25.0affected
MattermostMattermost2.26.0unaffected
MattermostMattermost2.25.1unaffected

Weaknesses

  • CWE-1287: CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References