CVE-2025-20072

Summary

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 2.22.0affected
MattermostMattermost2.23.0unaffected

Weaknesses

  • CWE-704: CWE-704: Incorrect Type Conversion or Cast

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References