cbcvebase.
CVE-2025-22445
published 2025-01-09

CVE-2025-22445: Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive…

medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.

Affected

5 ranges
VendorProductVersion rangeFixed in
github.commattermost_mattermost-server>= 0 < 10.3.0+incompatible10.3.0+incompatible
github.commattermost_mattermost_server_v8>= 0 < 8.0.0-20250102081831-64c566a8280b8.0.0-20250102081831-64c566a8280b
github.commattermost_mattermost_server_v8>= 10.0 < 10.3.010.3.0
mattermostmattermost10.0.* – 10.2.*
mattermostmattermost_server>= 10.0.0 < 10.3.010.3.0