CVE-2025-1398

LOW3.3EPSS 0.01%

Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection

發布日:2025/3/17修改日:2025/3/17

描述

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

受影響套件(1)

npm/mattermost-desktopfrom 0, < 5.11.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	LOW3.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-1398
PATCHhttps://github.com/mattermost/desktop
WEBhttps://mattermost.com/security-updates