CVE-2025-1398 LOW

CVE-2025-1398: macOS TCC Bypass via Code Injection

Vendor Mattermost
Product Mattermost
Weakness CWE-426
Published March 17, 2025
Last update March 31, 2025

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

Key dates

02Disclosure timeline

March 17, 2025 CVE published
March 31, 2025 Record updated

Related vulnerabilities

04Related CVE