CVE-2025-13321

LOW

Mattermost Desktop App < 6.0.0 - Sensitive Information Exposure via Log File

Title source: llm

Description

Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and to clear data on server deletion, which allows an attacker with access to the user's system to gain access to potentially sensitive information by reading the application logs.


Scores

CVSS v3 3.3
EPSS 0.0010
EPSS Percentile 1.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (2)
mattermost/mattermost_desktop < 6.0.0
npm/mattermost-desktop 0npm
Published Dec 17, 2025
Tracked Since Feb 18, 2026