CVE-2025-22445: Misleading UI for undefined admin console settings in Calls causes security confusion

3.5 CVSS

Description

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.

Classification

CVE ID: CVE-2025-22445

CVSS Base Severity: LOW

CVSS Base Score: 3.5

Affected Products

Vendor: Mattermost

Product: Mattermost

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-07 (date this score was calculated)

References

https://mattermost.com/security-updates
