CVE-2025-30516

Summary

Mattermost Mobile Apps versions <=2.25.0  fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 2.25.0affected
MattermostMattermost2.26.0unaffected

Weaknesses

  • CWE-613: CWE-613: Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References