{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13321","assignerOrgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","state":"PUBLISHED","assignerShortName":"Mattermost","dateReserved":"2025-11-17T15:51:49.044Z","datePublished":"2025-12-17T18:14:12.745Z","dateUpdated":"2025-12-17T19:29:49.378Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Mattermost","vendor":"Mattermost","versions":[{"lessThanOrEqual":"6.0.0","status":"affected","version":"0","versionType":"semver"},{"version":"6.0.0","status":"unaffected"}]}],"credits":[{"lang":"en","type":"finder","value":"Doyensec"}],"descriptions":[{"lang":"en","value":"Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs."}],"metrics":[{"cvssV3_1":{"attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW","baseScore":3.3},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-532: Insertion of Sensitive Information into Log Files","cweId":"CWE-532"}]}],"references":[{"url":"https://mattermost.com/security-updates"}],"solutions":[{"value":"Update Mattermost Desktop App to versions 6.0.0 or higher.","lang":"en"}],"source":{"advisory":"MMSA-2025-00520","defect":["https://mattermost.atlassian.net/browse/MM-65010"],"discovery":"EXTERNAL"},"title":"Mattermost Desktop App logging sensitive information and fails to clear data on server deletion","providerMetadata":{"orgId":"9302f53e-dde5-4bf3-b2f2-a83f91ac0eee","shortName":"Mattermost","dateUpdated":"2025-12-17T18:14:12.745Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-17T18:52:32.074659Z","id":"CVE-2025-13321","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-17T19:29:49.378Z"}}]}}