CVE-2025-22445

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.x through 10.2

Description The issue arises from Mattermost's failure to accurately reflect missing settings, leading to confusion among administrators regarding a Calls security-sensitive configuration due to incorrect UI reporting. This confusion can stem from the UI not properly indicating the status of certain security settings, potentially causing administrators to misinterpret the security posture of their Calls configuration.

Recommendations For Mattermost versions 10.x through 10.2, consider temporarily restricting access to the Calls security-sensitive configuration until a proper fix is available, to minimize the risk of exploitation due to the confusion caused by incorrect UI reporting.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2025-22445

GHSA-7RGP-4J56-FM79

GO-2025-3380

OPENSUSE-SU-2025:14644-1

OPENSUSE-SU-2025_0297-1

SUSE-SU-2025:0297-1

Affected Products

Mattermost

Suse

CVE-2025-22445

Weakness Enumeration

Related Identifiers

Affected Products

References · 49