Mattermost Mobile
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Mattermost Mobile.
By the Year
In 2025 there have been 3 vulnerabilities in Mattermost Mobile. Last year, in 2024 Mattermost Mobile had 5 security vulnerabilities published. Right now, Mattermost Mobile is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 0.00 |
| 2024 | 5 | 6.26 |
It may take a day or so for new Mattermost Mobile vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mattermost Mobile Security Vulnerabilities
Mattermost Mobile <=2.22.0 Crashes on Bad Attachment Cast; Vulnerable Mobile App
CVE-2025-20630
- January 16, 2025
Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel.
Mattermost Mobile <=2.22.0 Action Style Validation Flaw Causes Crash
CVE-2025-20072
- January 16, 2025
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.
Mattermost Mobile Apps <=2.22.0 Crash via Unvalidated Post Props
CVE-2025-21083
- January 15, 2025
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
Mattermost Mobile Apps <=2.18.0 Autocomplete Leak via password dict
CVE-2024-45833
6.5 - Medium
- September 16, 2024
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character..
Mattermost Mobile <=2.16.0 Push Notification Validation Bypass
CVE-2024-39767
6.5 - Medium
- July 15, 2024
Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another servers diagnostic ID or server URL and have them show up in mobile apps as that servers push notifications.
authentification
Mattermost Mobile <=2.16.0 MathJax State Rce (CVE-2024-32945)
CVE-2024-32945
5.3 - Medium
- July 15, 2024
Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LateX post, by creating another post with specific macro definitions.
Missing Initialization of Resource
Mattermost Mobile App <=2.13.0 Regex DoS from DeepLinks
CVE-2024-3872
6.5 - Medium
- April 16, 2024
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
Uncontrolled Resource Consumption in Mattermost Mobile before 2.13.0
CVE-2024-24975
6.5 - Medium
- March 15, 2024
Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Mattermost Mobile or by MatterMost? Click the Watch button to subscribe.
