CVE-2025-13321 - Vulnerability Details - OpenCVE

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Update Mattermost Desktop App to versions 6.0.0 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://mattermost.com/security-updates

History

Wed, 17 Dec 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 17 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
Description		Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.
Title		Mattermost Desktop App logging sensitive information and fails to clear data on server deletion
Weaknesses		CWE-532
References		https://mattermost.com/security-updates
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2025-12-17T18:14:12.745Z

Updated: 2025-12-17T19:29:49.378Z

Reserved: 2025-11-17T15:51:49.044Z

Link: CVE-2025-13321

Vulnrichment

Updated: 2025-12-17T18:52:34.727Z

NVD

Status : Received

Published: 2025-12-17T19:16:00.927

Modified: 2025-12-17T19:16:00.927

Link: CVE-2025-13321

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-532

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13321", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "state": "PUBLISHED", "assignerShortName": "Mattermost", "dateReserved": "2025-11-17T15:51:49.044Z", "datePublished": "2025-12-17T18:14:12.745Z", "dateUpdated": "2025-12-17T19:29:49.378Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mattermost", "vendor": "Mattermost", "versions": [{"lessThanOrEqual": "6.0.0", "status": "affected", "version": "0", "versionType": "semver"}, {"version": "6.0.0", "status": "unaffected"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Doyensec"}], "descriptions": [{"lang": "en", "value": "Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs."}], "metrics": [{"cvssV3_1": {"attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW", "baseScore": 3.3}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-532: Insertion of Sensitive Information into Log Files", "cweId": "CWE-532"}]}], "references": [{"url": "https://mattermost.com/security-updates"}], "solutions": [{"value": "Update Mattermost Desktop App to versions 6.0.0 or higher.", "lang": "en"}], "source": {"advisory": "MMSA-2025-00520", "defect": ["https://mattermost.atlassian.net/browse/MM-65010"], "discovery": "EXTERNAL"}, "title": "Mattermost Desktop App logging sensitive information and fails to clear data on server deletion", "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-12-17T18:14:12.745Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-17T18:52:32.074659Z", "id": "CVE-2025-13321", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-17T19:29:49.378Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13321", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-17T18:52:32.074659Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-17T18:52:34.727Z"}}], "cna": {"title": "Mattermost Desktop App logging sensitive information and fails to clear data on server deletion", "source": {"defect": ["https://mattermost.atlassian.net/browse/MM-65010"], "advisory": "MMSA-2025-00520", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Doyensec"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mattermost", "product": "Mattermost", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.0.0"}, {"status": "unaffected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Mattermost Desktop App to versions 6.0.0 or higher."}], "references": [{"url": "https://mattermost.com/security-updates"}], "descriptions": [{"lang": "en", "value": "Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log Files"}]}], "providerMetadata": {"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "shortName": "Mattermost", "dateUpdated": "2025-12-17T18:14:12.745Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13321", "state": "PUBLISHED", "dateUpdated": "2025-12-17T19:29:49.378Z", "dateReserved": "2025-11-17T15:51:49.044Z", "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee", "datePublished": "2025-12-17T18:14:12.745Z", "assignerShortName": "Mattermost"}, "dataVersion": "5.2"}