CVE-2025-20036
Mattermost vulnerability analysis and mitigation

Overview

Mattermost Mobile Apps versions <=2.22.0 contain a vulnerability where the application fails to properly validate post props, allowing a malicious authenticated user to cause a crash via a malicious post (NVD, Mattermost Security).

Technical details

The vulnerability is rated medium severity, with a CVSS v3.1 base score of 6.5. It is identified as CWE-754 (Improper Validation): the mobile apps do not properly validate post props. Specifically, the flaw involves the validation of style properties in post.props.attachments (NVD, Mattermost Security).
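The class of defence this points to is normalising untrusted post props before any rendering code reads them. The sketch below is an added example, not Mattermost's code or its actual fix. The page does not say which style properties were affected, so the checked fields (color, text, fields), the hex-only colour rule and the name sanitizeAttachments are assumptions of this example, and the sample props are constructed.

```typescript
// Added example: shape-check post.props.attachments before rendering.
// Field names and the hex-only colour rule are assumptions of this sketch.
type SafeField = { title: string; value: string; short: boolean };
type SafeAttachment = { color?: string; text?: string; fields: SafeField[] };

const HEX_COLOR = /^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/;

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Strings and numbers are rendered as text; every other type becomes "".
function asText(v: unknown): string {
  return typeof v === "string" || typeof v === "number" ? String(v) : "";
}

function sanitizeAttachments(props: unknown): SafeAttachment[] {
  if (!isRecord(props)) return [];
  const list: unknown = props["attachments"];
  if (!Array.isArray(list)) return [];
  const out: SafeAttachment[] = [];
  for (const raw of list as unknown[]) {
    if (!isRecord(raw)) continue; // drop non-object entries entirely
    const att: SafeAttachment = { fields: [] };
    const color: unknown = raw["color"];
    // Only a well-formed string may reach a style prop; otherwise fall back to the default.
    if (typeof color === "string" && HEX_COLOR.test(color)) att.color = color;
    const text: unknown = raw["text"];
    if (typeof text === "string") att.text = text;
    const fields: unknown = raw["fields"];
    if (Array.isArray(fields)) {
      for (const f of fields as unknown[]) {
        if (!isRecord(f)) continue;
        att.fields.push({ title: asText(f["title"]), value: asText(f["value"]), short: f["short"] === true });
      }
    }
    out.push(att);
  }
  return out;
}

// Constructed sample: one well-formed attachment and three malformed entries.
const SAMPLE_PROPS: unknown = {
  attachments: [
    { color: "#ff8800", text: "build ok", fields: [{ title: "env", value: "prod", short: true }] },
    { color: { width: "x" }, text: 42, fields: "not-a-list" },
    "not-an-object",
    null,
  ],
};
```

The renderer then consumes only the returned SafeAttachment values, so a wrong-typed field degrades to a default instead of reaching a component that assumes a string.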

Impact

When successfully exploited, this vulnerability allows an authenticated malicious user to cause the mobile application to crash by sending specially crafted posts to a channel. The impact is limited to denial of service of the mobile application (NVD).

Mitigation and workarounds

The vulnerability has been fixed in Mattermost Mobile Apps version 2.23.0. Users are advised to upgrade to this version or later to receive the security fix (Mattermost Security).

This report was generated using AI.