CVE-2025-22445 — Improper Check for Unusual or Exceptional Conditions in Mattermost Mattermost-server

CWE-754 — Improper Check for Unusual or Exceptional Conditions6 documents5 sources

Severity

5.3MEDIUMNVD

CNA3.5

EPSS

0.2%

top 58.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Mattermost Mattermost-server Github.com Mattermost Mattermost Server V8 Mattermost Server +1 more

Timeline

PublishedJan 9

Description

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDmattermost/mattermost_server10.0.0 — 10.3.0

▶Gogithub.com/mattermost_mattermost-server< 10.3.0+incompatible

▶Gogithub.com/mattermost_mattermost_server_v810.0 — 10.3.0+1

▶CVEListV5mattermost/mattermost10.0.* — 10.2.*

🔴Vulnerability Details

OSV

Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server↗2025-01-09

▶

CVEList

Misleading UI for undefined admin console settings in Calls causes security confusion↗2025-01-09

▶

OSV

Mattermost has Improper Check for Unusual or Exceptional Conditions↗2025-01-09

▶

GHSA

Mattermost has Improper Check for Unusual or Exceptional Conditions↗2025-01-09

▶

📋Vendor Advisories

Red Hat

mattermost: Misleading UI for undefined admin console settings in Calls causes security confusion↗2025-01-09

▶