CVE-2025-55035
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-16

Last updated on: 2025-10-29

Assigner: Mattermost, Inc.

Description
Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-16
Last Modified
2025-10-29
Generated
2026-05-07
AI Q&A
2025-10-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-55035
EUVD
EUVD-2025-34773
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mattermost mattermost_desktop to 5.13.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-754 The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

Mattermost Desktop App versions up to 5.13.0 have a flaw in handling modal dialogs when connecting to servers using basic authentication. An attacker can set up a malicious server that, when configured by the user, triggers a modal popup in the app that cannot be closed, effectively blocking the user from accessing their server through the Desktop App.


How can this vulnerability impact me? :

This vulnerability can cause a denial of service for users of the Mattermost Desktop App by preventing them from accessing their servers if they connect to a malicious server that triggers an unclosable modal popup. This disrupts normal use of the app and can impact productivity.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart