CVE-2025-0476

4.3 MEDIUM

📋 TL;DR

Mattermost Mobile Apps versions up to 2.22.0 contain a vulnerability where specially crafted attachment names can cause the mobile app to crash when a user opens a channel containing such an attachment. This affects all users of vulnerable Mattermost mobile applications. The vulnerability allows denial of service against mobile app users.

💻 Affected Systems

Products:
  • Mattermost Mobile App (iOS)
  • Mattermost Mobile App (Android)
Versions: <= 2.22.0
Operating Systems: iOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects mobile applications. Mattermost server and desktop applications are not affected.

📦 What is this software?

Mattermost is an open-source, self-hostable team messaging and collaboration platform. The Mattermost Mobile Apps are its official iOS and Android clients; the server and the desktop application are separate products and are not affected by this issue.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could repeatedly crash mobile apps for targeted users, disrupting communication and productivity across an organization's Mattermost deployment.

🟠 Likely Case

Temporary denial of service for mobile users who encounter malicious attachments, requiring an app restart to restore functionality.

🟢 If Mitigated

Minimal impact with proper monitoring and rapid patching, as the vulnerability only affects mobile apps and doesn't compromise servers or data.

🌐 Internet-Facing: MEDIUM - Exploitable by anyone who can post an attachment to a channel that mobile users open; this requires an account with posting rights on the instance, not an authentication bypass.
🏢 Internal Only: MEDIUM - Internal users with posting privileges could disrupt mobile app usage for colleagues.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to post attachments to channels that mobile users open. A user is affected as soon as they open the channel; they do not need to open the attachment itself. No authentication bypass is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 2.22.0

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Update the Mattermost Mobile App from the official app store (iOS App Store or Google Play Store).
2. Ensure all mobile users update to a version later than 2.22.0.
3. Restart the mobile app after the update.

🔧 Temporary Workarounds

Disable mobile app usage (applies to: all)

Temporarily restrict mobile app access until patched. The desktop application is not affected and can be used in the meantime.

Attachment name filtering (applies to: all)

Implement server-side filtering of attachment names. The page does not say which characters trigger the crash, so the filter has to be a conservative allow-list (printable characters only, with a length cap) rather than a match on a known payload, and it will reject some legitimate names. It also does nothing for attachments posted before it was enabled; those have to be removed from the affected channels.

🧯 If You Can't Patch

  • User education is of limited use here: the crash is triggered by opening a channel that contains the attachment, not by opening the attachment itself. Steer users to the desktop application, which is not affected, until the mobile app is updated.
  • Monitor for unusual attachment uploads and investigate users posting attachments with unusual names; remove such attachments from channels so mobile users stop encountering them.
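The following Go program is an added example, not code from the page or from Mattermost. It shows the conservative server-side name policy the "Attachment name filtering" workaround calls for, plus the per-user tally behind "investigate users posting attachments with unusual names". Because the actual crash trigger is not published, the policy is an allow-list (printable Unicode, no path separators, capped length) rather than a block-list; the `MaxNameLen` value, the `Upload` record shape and all sample filenames are assumptions constructed for the example. In a real deployment the check would run in a server-side plugin hook such as the plugin API's `FileWillBeUploaded`, which is not wired up here.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// MaxNameLen is an assumed, conservative cap on attachment-name length.
// Because the advisory does not publish the exact trigger, this policy is an
// allow-list of ordinary names rather than a block-list of one payload.
const MaxNameLen = 255

// ValidateAttachmentName returns nil when name is plain enough to allow, or
// an error saying why it was refused. Letters, digits, punctuation, symbols
// (emoji included) and ASCII space pass; control, format (zero-width,
// bidi-override) and other non-printable runes, path separators, invalid
// UTF-8 and over-long names are refused.
func ValidateAttachmentName(name string) error {
	if name == "" {
		return errors.New("empty name")
	}
	if !utf8.ValidString(name) {
		return errors.New("invalid UTF-8")
	}
	if utf8.RuneCountInString(name) > MaxNameLen {
		return fmt.Errorf("longer than %d characters", MaxNameLen)
	}
	if strings.ContainsAny(name, `/\`) {
		return errors.New("path separator in name")
	}
	for _, r := range name {
		switch {
		case unicode.IsControl(r):
			return fmt.Errorf("control character U+%04X", r)
		case unicode.Is(unicode.Cf, r):
			return fmt.Errorf("format character U+%04X", r)
		case !unicode.IsPrint(r):
			return fmt.Errorf("non-printable rune U+%04X", r)
		}
	}
	return nil
}

// Upload is a constructed record shape used here for illustration; it is
// not Mattermost's log or API format.
type Upload struct {
	UserID string
	Name   string
}

// FlagRepeatOffenders counts, per user, uploads whose names fail the policy
// and returns the users whose count reaches threshold. It backs the
// "investigate users posting attachments with unusual names" step.
func FlagRepeatOffenders(uploads []Upload, threshold int) map[string]int {
	rejected := map[string]int{}
	for _, u := range uploads {
		if ValidateAttachmentName(u.Name) != nil {
			rejected[u.UserID]++
		}
	}
	flagged := map[string]int{}
	for user, n := range rejected {
		if n >= threshold {
			flagged[user] = n
		}
	}
	return flagged
}

// truncate shortens s for display so a 300-character name stays readable.
func truncate(s string, n int) string {
	if utf8.RuneCountInString(s) <= n {
		return s
	}
	return string([]rune(s)[:n]) + "..."
}

func main() {
	// Constructed sample names, not the real trigger from the advisory.
	samples := []string{
		"quarterly-report.pdf",
		"status 🚀.png",
		"notes\u202Efdp.exe", // U+202E right-to-left override
		"img\u200B.png",      // U+200B zero-width space
		"bad\x00name.txt",    // embedded NUL
		"..\\..\\evil.txt",   // path separator
		strings.Repeat("a", 300) + ".txt",
	}
	for _, s := range samples {
		if err := ValidateAttachmentName(s); err != nil {
			fmt.Printf("REJECT %q: %v\n", truncate(s, 24), err)
		} else {
			fmt.Printf("ALLOW  %q\n", s)
		}
	}

	// Constructed upload records: user u1 trips the policy three times.
	uploads := []Upload{
		{"u1", "a\u200B.png"}, {"u1", "b\u202E.png"}, {"u1", "c\x01.png"},
		{"u2", "deck.pptx"}, {"u2", "d\u200B.png"},
	}
	fmt.Println("flag for review:", FlagRepeatOffenders(uploads, 3))
}
```

Expect false positives from the allow-list (non-printable characters do appear in legitimate names exported from some tools), so log rejections with the offending code point rather than silently dropping the upload, and keep the threshold for `FlagRepeatOffenders` high enough that a single odd export does not open a ticket.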

🔍 How to Verify

Check if Vulnerable:

Check mobile app version in app settings. If version is 2.22.0 or lower, the app is vulnerable.

Check Version:

In Mattermost mobile app: Settings → About → Version

Verify Fix Applied:

Verify mobile app version is > 2.22.0 in app settings after update.

📡 Detection & Monitoring

Log Indicators:

  • Multiple mobile app crash reports from the same users; the crash happens on the device, so it shows up in MDM or app-store crash reporting, not in the Mattermost server log
  • Unusual attachment upload patterns, in particular filenames containing control, zero-width or other non-printable characters

Network Indicators:

  • Increased mobile app reconnection attempts from the same devices shortly after they open a particular channel

SIEM Query:

Search server-side records of file uploads (audit logging, or reverse-proxy access logs for the upload endpoint) for attachment names containing control or non-printable characters, then correlate the affected channels with mobile crash reports. Searching the server log for 'crash' will not find a client-side failure.
