CVE-2025-30516— Unauthorized Notification Exposure in Mobile App Under Specific Conditions
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-30516
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized Notification Exposure in Mobile App Under Specific Conditions
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的会话过期机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mattermost Mobile Apps 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mattermost Mobile Apps是美国Mattermost公司的一款消息传递移动应用程序。 Mattermost Mobile Apps 2.25.0及之前版本存在安全漏洞,该漏洞源于注销时未正确终止会话,可能导致敏感信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mattermost | Mattermost | 0 ~ 2.25.0 | - |
II. Public POCs for CVE-2025-30516
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-30516
请登录查看更多情报信息。
Same Patch Batch · Mattermost · 2025-04-14 · 4 CVEs total
| CVE-2025-2475 | 5.4 MEDIUM | Unauthorized Bot Login Using Credentials |
| CVE-2025-32093 | 4.7 MEDIUM | Syatem admin profile modification by delegated granular administration role |
| CVE-2025-2424 | 3.1 LOW | Leaked Metadata of Deleted Files via Bookmark Creation |
IV. Related Vulnerabilities
Same product: Mattermost
- CVE-2026-3590
Race Condition in Guest Magic Link Authentication Allows Tok - CVE-2026-28741
CSRF Protection Bypass Allows Updating a User's Authenticati - CVE-2026-27769
Connected Workspaces: Malicious remote server can manipulate - CVE-2026-24661
Unbounded Request Body Read in MS Teams Plugin {{/changes}} - CVE-2026-21388
Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}
Same vendor: Mattermost
- CVE-2026-3590
Race Condition in Guest Magic Link Authentication Allows Tok - CVE-2026-28741
CSRF Protection Bypass Allows Updating a User's Authenticati - CVE-2026-27769
Connected Workspaces: Malicious remote server can manipulate - CVE-2026-24661
Unbounded Request Body Read in MS Teams Plugin {{/changes}} - CVE-2026-21388
Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}
Same weakness: CWE-613
- CVE-2026-41902
FreeScout's user invitation hash never expires: permanent un - CVE-2026-41519
Weblate's API Token Not Invalidated on Password Change - CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-40934
jupyter-server authentication cookies remain valid after pas - CVE-2026-42421
OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shar
V. Comments for CVE-2025-30516
No comments yet