CVE-2025-20621

Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel...

PT-2025-4149 · Mattermost · Mattermost Mobile

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile versions =2.22.0 Description: The issue arises from the improper handling of posts with attachments that contain fields which cannot be converted to a string. This allows an attacker to cause the mobile application to crash ...