CVE-2025-30516 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-30516

CWE

https://cwe.mitre.org/data/definitions/613.html

Mattermost Mobile Apps versions <=2.25.0 fail to terminate sessions during logout under certain conditions (e.g. poor connectivity), allowing unauthorized users on shared devices to access sensitive notification content via continued mobile notifications

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Mattermost_mobile	Mattermost	*	2.26.0 (excluding)

Potential Mitigations

References

https://mattermost.com/security-updates