Configuration Reporting Flaw in Mattermost by Mattermost Inc.
CVE-2025-22445
3.5 LOW
Summary
Mattermost versions up to and including 10.2 exhibit a configuration reporting flaw that leads to inaccurate UI representation of missing settings. This issue can cause confusion among administrators concerning the security-sensitive configuration related to calls. Proper visibility and correct representation of these settings are critical to ensure that admins can effectively manage their security posture and mitigate potential risks associated with misconfiguration.
Affected Version(s)
Mattermost 10.0.* <= 10.2.*
Mattermost 10.3.0
References
CVSS V3.1
Score: 3.5
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Leandro Chaves (brdoors3)