In Mattermost Mobile versions 2.22.0 and prior, a medium-severity vulnerability, CVE-2025-20072, was detected. This vulnerability allows attackers to crash the mobile app by supplying crafted malicious input to the style of proto in `post.props.attachments`. To address this issue, users should upgrade to version 2.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20072.
In Mattermost Mobile versions before 2.22.0, a medium-severity vulnerability, CVE-2025-20630, was detected. This vulnerability allows attackers to crash the Mattermost Mobile app by sending a post with attachments that contain fields that cannot be converted to a String. To fix this issue, users should upgrade Mattermost Mobile to version 2.23.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-20630.
In Mattermost versions 10.2.0 and earlier in 10.2.x, 9.11.5 and earlier in 9.11.x, 10.0.3 and earlier in 10.0.x, and 10.1.3 and earlier in 10.1.x, a medium-severity vulnerability, CVE-2025-20621, was detected. This vulnerability allows attackers to crash the Mattermost web app by sending a post with attachments containing fields that cannot be converted to a String. To fix this issue, users should upgrade Mattermost to versions 10.2.1, 10.1.4, 10.0.4, and 9.11.6. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-20621.
In Zulip versions 10.0-dev after commit 50256f48314250978f521ef439cafa704e056539, a medium-severity vulnerability, CVE-2025-25195, was detected. This vulnerability allows attackers to view the names of private channels through improperly scoped inactivity notifications sent to all users in the organization. To address this issue, users should upgrade Zulip to 10.0-dev at commit 75be449d456d29fef27e9d1828bafa30174284b4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-25195.
In Mattermost versions 10.2.x up to and including 10.2.0, 9.11.x up to and including 9.11.5, 10.0.x up to and including 10.0.3, and 10.1.x up to and including 10.1.3, a medium-severity vulnerability, CVE-2025-20088, was detected. This vulnerability allows a malicious authenticated user to cause a crash by creating a malicious post with improperly validated post props. To address this issue, users should upgrade Mattermost to version 10.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20088.
In Mattermost versions 9.11.x up to 9.11.6, a low-severity vulnerability, CVE-2025-0503, was detected. This vulnerability allows attackers to infer user IDs and other metadata from deleted DMs when they are manually marked as deleted in the database. To address this issue, users should upgrade Mattermost to version 10.4.0 or 9.11.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0503.
In Mattermost versions 10.2.x up to and including 10.2.0, 9.11.x up to and including 9.11.5, 10.0.x up to and including 10.0.3, and 10.1.x up to and including 10.1.3, a medium-severity vulnerability, CVE-2025-21088, was detected. This vulnerability allows an attacker to crash the frontend with crafted malicious input, because the style of proto supplied to an action’s style in `post.props.attachments` is improperly validated. To address this issue, users should upgrade Mattermost to version 10.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-21088.
In Mattermost versions 10.2.x up to and including 10.2.0, 9.11.x up to and including 9.11.5, 10.0.x up to and including 10.0.3, and 10.1.x up to and including 10.1.3, a medium-severity vulnerability, CVE-2025-20086, was detected. This vulnerability allows a malicious authenticated user to cause a crash by creating a malicious post with improperly validated post props. To address this issue, users should upgrade Mattermost to version 10.2.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-20086.
In Mattermost versions 10.x up to and including 10.2, a low-severity vulnerability, CVE-2025-22445, was detected. This vulnerability can confuse administrators about a security-sensitive Calls configuration, because the UI inaccurately reports missing settings. To address this issue, users should upgrade Mattermost to version 10.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-22445.