Cyber Posture

CVE-2025-20630

Severity: Medium

Published: 16 January 2025
Modified: 24 September 2025
KEV Added: not listed
Patch: (none recorded)
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0022 (44.4th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-20630 is a medium-severity Improper Validation of Specified Type of Input (CWE-1287) vulnerability in Mattermost Mobile (vendor: Mattermost). Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its EPSS exploit likelihood ranks at the 44.4th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: SI-10 (Information Input Validation) requires input validation at critical points, directly preventing crashes from malformed attachment fields that cannot be cast to String in Mattermost Mobile.

prevent: SI-11 (Error Handling) mandates error handling without unhandled exceptions, addressing the app crash triggered by improper type casting of attachment fields.

prevent: SI-2 (Flaw Remediation) ensures timely identification and remediation of flaws like the non-String field handling vulnerability via upgrades to version 2.23.0 or later.
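In the client, SI-10 and SI-11 come down to two things: convert every attachment field to display text only through a checked conversion, and make sure a field that cannot be converted is dropped with a fallback instead of throwing into the UI. The TypeScript below is an added illustration of that pattern and is not Mattermost Mobile's code; the `{ title, value, short }` field shape follows the common Slack-style attachment format, and the function names and the sample post are constructed for the example.

```typescript
// Added illustration (not Mattermost's code): defensive handling of message
// attachment "fields" whose values may not be strings, in the spirit of
// SI-10 (validate input) and SI-11 (fail without crashing).
// Assumed field shape: { title, value, short } as in Slack-style attachments.

interface SafeField {
  title: string;
  value: string;
  short: boolean;
}

interface SafeAttachment {
  text: string;
  fields: SafeField[];
  dropped: number; // fields discarded because they could not be made safe
}

// Convert an arbitrary JSON value into display text without ever throwing.
// Returns null when the value has no sensible string form.
function coerceToString(value: unknown): string | null {
  switch (typeof value) {
    case "string":
      return value;
    case "number":
      return Number.isFinite(value) ? String(value) : null;
    case "boolean":
    case "bigint":
      return String(value);
    case "object":
      if (value === null) return null;
      try {
        // Objects and arrays are shown as JSON rather than "[object Object]"
        return JSON.stringify(value);
      } catch {
        // Circular structures make JSON.stringify throw; treat as unrenderable
        return null;
      }
    default:
      // undefined, symbol, function: nothing meaningful to show
      return null;
  }
}

// Validate one field; return null (drop it) rather than throwing.
// A field is kept only when its value has a string form; title is optional.
function sanitizeField(raw: unknown): SafeField | null {
  if (typeof raw !== "object" || raw === null) return null;
  const f = raw as Record<string, unknown>;
  const value = coerceToString(f.value);
  if (value === null) return null;
  return { title: coerceToString(f.title) ?? "", value, short: f.short === true };
}

// Turn an untrusted attachment object into a render-safe one. Malformed
// fields are counted and dropped so one bad field cannot take down the view.
function sanitizeAttachment(raw: unknown): SafeAttachment {
  const a = (typeof raw === "object" && raw !== null ? raw : {}) as Record<string, unknown>;
  const rawFields: unknown[] = Array.isArray(a.fields) ? a.fields : [];
  const fields: SafeField[] = [];
  let dropped = 0;
  for (const rf of rawFields) {
    const safe = sanitizeField(rf);
    if (safe) fields.push(safe);
    else dropped += 1;
  }
  return { text: coerceToString(a.text) ?? "", fields, dropped };
}

// Render to plain text. The try/catch plays the role of an error boundary
// around the attachment component: any surprise yields a fallback string
// instead of an unhandled exception.
function renderAttachment(raw: unknown): string {
  try {
    const att = sanitizeAttachment(raw);
    const lines = att.fields.map((f) => `${f.title}: ${f.value}`);
    if (att.dropped > 0) lines.push(`(${att.dropped} field(s) could not be displayed)`);
    return [att.text, ...lines].filter((l) => l.length > 0).join("\n");
  } catch {
    return "(attachment could not be displayed)";
  }
}

// Constructed sample post: one well-formed field, one object-valued field,
// one null-valued field, one circular object and one entry that is not an
// object at all.
const circular: Record<string, unknown> = {};
circular.self = circular;
const SAMPLE_ATTACHMENT = {
  text: "Build status",
  fields: [
    { title: "Branch", value: "main", short: true },
    { title: "Meta", value: { retries: 2 }, short: false },
    { title: "Empty", value: null },
    { title: "Loop", value: circular },
    42,
  ],
};

console.log(renderAttachment(SAMPLE_ATTACHMENT));
```

The point of the `dropped` counter is that the user still sees the rest of the post plus a note that something was hidden, which is the SI-11 behaviour (degrade, report, continue) rather than a silent swallow or a crash.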

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The vulnerability directly enables a remote DoS by exploiting improper input handling in the mobile client application, matching T1499.004 Application or System Exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel.

Deeper analysis [AI-generated]

Mattermost Mobile versions <=2.22.0 are affected by CVE-2025-20630, a vulnerability where the app fails to properly handle posts with attachments containing fields that cannot be cast to a String. This flaw allows an attacker to crash the mobile application by creating and sending such a malformed post to a channel. The issue is rated 6.5 on CVSS 3.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-1287.

Attackers require low privileges as an authenticated user (PR:L) and can exploit it remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation results in a denial-of-service condition, crashing the Mattermost Mobile app for all recipients viewing the channel, with high availability impact (A:H) but no compromise of confidentiality or integrity.

The Mattermost security updates page at https://mattermost.com/security-updates details the vulnerability and mitigation, recommending an upgrade to Mattermost Mobile version 2.23.0 or later, which resolves the improper handling of non-String fields in attachments.

Details

CWE(s): CWE-1287 (Improper Validation of Specified Type of Input)

Affected Products

Vendor: mattermost
Product: mattermost mobile
Versions: ≤ 2.23.0

CVEs Like This One

CVE-2025-20072 (same product: Mattermost Mobile)
CVE-2026-2454 (same vendor: Mattermost)
CVE-2025-20621 (same vendor: Mattermost)
CVE-2026-24458 (same vendor: Mattermost)
CVE-2026-20719 (same vendor: Mattermost)
CVE-2025-20251 (shared CWE-1287)
CVE-2024-48858 (shared CWE-1287)
CVE-2026-20074 (shared CWE-1287)
CVE-2026-1046 (same vendor: Mattermost)
CVE-2025-24490 (same vendor: Mattermost)
