CVE-2025-1398

LOW Year: 2025
CVSS v3 Score
3.3
Low
Weakness Type
CWE-426
View all →

Vulnerability Description

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection.

Related Vulnerabilities

CVE-2024-53407

LOW
CVSS:3.3(Low)

In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data.

CWE-4262024

CVE-2024-55503

LOW
CVSS:3.3(Low)

An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.

CWE-4262024

CVE-2017-1144

LOW
CVSS:2.5(Low)

IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033.

CWE-4262017

CVE-2023-23920

MEDIUM
CVSS:4.2(Medium)

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated priv...

CWE-4262023

CVE-2021-21562

MEDIUM
CVSS:4.4(Medium)

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AU...

CWE-4262021

CVE-2024-13524

LOW
CVSS:4.5(Medium)

A vulnerability has been found in obsproject OBS Studio up to 30.0.2 on Windows and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unt...

CWE-4262024