CVE-2025-13321

3.3 LOW

📋 TL;DR

Mattermost Desktop App versions before 6.0.0 fail to properly clear sensitive information from logs and data when servers are deleted. This allows attackers with local system access to read potentially sensitive information from application logs. All users running vulnerable desktop app versions are affected.

💻 Affected Systems

Products:
  • Mattermost Desktop App
Versions: All versions < 6.0.0
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects desktop applications, not server components. Requires local system access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers with local access could extract authentication tokens, messages, or other sensitive data from logs, potentially enabling account compromise or data exfiltration.

🟠

Likely Case

Local attackers or malware could harvest session tokens or sensitive information from logs, leading to unauthorized access to Mattermost accounts.

🟢

If Mitigated

With proper access controls and logging disabled, impact is limited to local file system access only.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local file system access to read application logs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.0 or later

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Download Mattermost Desktop App version 6.0.0 or later from official sources.
2. Install the update.
3. Restart the application.

🔧 Temporary Workarounds

Disable Detailed Logging

Platforms: all

Configure Mattermost to use minimal or no logging to reduce sensitive data exposure.

Check the Mattermost settings for logging options and set them to minimal or disabled.

Secure Log Files

Platforms: all

Set restrictive file permissions on Mattermost log directories.

chmod 600 ~/.config/Mattermost/logs/* (Linux/macOS)
Set ACLs to restrict access to Mattermost logs folder (Windows)

🧯 If You Can't Patch

  • Implement strict access controls on user workstations to prevent unauthorized local access
  • Regularly clear Mattermost log files and implement log rotation with secure deletion

🔍 How to Verify

Check if Vulnerable:

Check the Mattermost Desktop App version in the Help > About menu. If the version is below 6.0.0, the installation is vulnerable.

Check Version:

Check Help > About in the Mattermost Desktop App interface.

Verify Fix Applied:

After updating, verify that the version shown in the Help > About menu is 6.0.0 or higher. Test by deleting a server and checking the logs for sensitive data.
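Scripted form of the version check and of the "Secure Log Files" workaround above, added here as an example that is not part of the advisory or of Mattermost itself. It assumes LOG_DIR is the Linux log path quoted in the workaround (the location differs on other platforms; override it with MM_LOG_DIR) and that it runs as the user who owns the Mattermost profile.

```shell
#!/bin/sh
# Added example, not from the advisory or from Mattermost: decide whether an installed
# Mattermost Desktop version is at or above the fixed release for CVE-2025-13321 and,
# if it is not, restrict the log directory to the owning user while the update is pending.
# LOG_DIR is the Linux path quoted in the advisory (an assumption for other platforms).
FIXED_VERSION="6.0.0"
LOG_DIR="${MM_LOG_DIR:-$HOME/.config/Mattermost/logs}"

# version_is_fixed VERSION -> exit 0 if VERSION >= 6.0.0, 1 otherwise.
# Compares major.minor.patch numerically; a leading "v" is ignored.
version_is_fixed() {
    v=${1#v}
    case $v in *-*) pre=1 ;; *) pre=0 ;; esac   # "-rc1" style suffix sorts below the release
    v=${v%%[-+]*}                               # drop pre-release / build metadata
    case $v in ''|*[!0-9.]*) return 1 ;; esac   # anything else non-numeric: treat as not fixed
    old_ifs=$IFS; IFS=.
    set -- $v;             a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $FIXED_VERSION; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -ne "$b1" ] && { [ "$a1" -gt "$b1" ]; return; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -gt "$b2" ]; return; }
    [ "$a3" -ne "$b3" ] && { [ "$a3" -gt "$b3" ]; return; }
    [ "$pre" -eq 0 ]
}

# log_dir_is_private DIR -> exit 0 when neither DIR nor anything inside it is
# readable or writable by group or others (octal bits: 040 020 004 002).
log_dir_is_private() {
    [ -d "$1" ] || return 1
    ! find "$1" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print | grep -q .
}

# harden_log_dir DIR -> owner-only access on DIR (700) and every file in it (600), then re-check.
harden_log_dir() {
    [ -d "$1" ] || { echo "no log directory at $1" >&2; return 1; }
    chmod 700 "$1" || return 1
    find "$1" -type f -exec chmod 600 {} + || return 1
    log_dir_is_private "$1"
}

# Stand-alone use: sh check_mm_desktop.sh <installed-version> [log-dir]
if [ $# -gt 0 ]; then
    if version_is_fixed "$1"; then
        echo "Mattermost Desktop $1: at or above $FIXED_VERSION, CVE-2025-13321 fixed"
    else
        echo "Mattermost Desktop $1: VULNERABLE, update to $FIXED_VERSION or later"
        harden_log_dir "${2:-$LOG_DIR}" && echo "log directory restricted to owner only"
    fi
fi
```

Unlike the one-line chmod in the workaround, this also restricts the directory itself, so log files written after the change remain unreachable by other local accounts, and it verifies the resulting permissions.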

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to Mattermost log files
  • Sensitive data patterns in log files

Network Indicators:

  • None - this is a local file system vulnerability

SIEM Query:

File access events to Mattermost log directories from unauthorized users or processes

🔗 References
