CVE-2025-30516 LOW

CVE-2025-30516: Unauthorized Notification Exposure in Mobile App Under Specific Conditions

Vendor Mattermost
Product Mattermost
Weakness CWE-613 · Insufficient session expiration
Published April 14, 2025
Last update April 14, 2025

CVSS base score

2.0/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications.

Key dates

02 Disclosure timeline

April 14, 2025 CVE published
April 14, 2025 Record updated