Mattermost Desktop App logging sensitive information and fails to clear...

3.3 / 10

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.

Basic Information

ID CVE-2025-13321

Source Mattermost

Published Dec 17, 2025 at 18:14

Modified Dec 17, 2025 at 19:29

Affected Product

Vendor Mattermost

Product Mattermost

Affected Versions Mattermost Mattermost 0

CWE Classification

CWE-532

References

mattermost.com /security-updates

{
    "lastseen": "",
    "description": "Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.",
    "published": "2025-12-17T18:14:12.745Z",
    "modified": "2025-12-17T19:29:49.378Z",
    "type": "cve",
    "title": "Mattermost Desktop App logging sensitive information and fails to clear data on server deletion",
    "source": "Mattermost",
    "references": "https://mattermost.com/security-updates",
    "id": "CVE-2025-13321",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "Mattermost Mattermost 0",
    "sourceHref": "",
    "cvss": {
        "score": 3.3,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mattermost",
    "version": "0",
    "vendor": "Mattermost",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Mattermost Desktop App logging sensitive information and fails to clear data on server deletion_CVE-2025-13321