What is the severity of CVE-2025-22445?

CVE-2025-22445 has a medium severity level due to its impact on administrative configuration visibility.

How do I fix CVE-2025-22445?

To fix CVE-2025-22445, upgrade Mattermost to version 10.3.0 or later.

Which versions of Mattermost are affected by CVE-2025-22445?

Mattermost versions 10.x up to and including 10.2 are affected by CVE-2025-22445.

What is the impact of CVE-2025-22445 on system administrators?

CVE-2025-22445 can cause confusion for system administrators regarding the security-sensitive configuration settings related to Calls.

Is there a workaround for CVE-2025-22445?

There is no official workaround for CVE-2025-22445, and upgrading to the latest version is recommended.

Vulnerability/
CVE-2025-22445

low

3.5

CWE

754

EPSS

0.043%

9/1/2025

CVE-2025-22445: Misleading UI for undefined admin console settings in Calls causes security confusion

First published: Thu Jan 09 2025(Updated: )

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting.

Credit: responsibledisclosure@mattermost.com responsibledisclosure@mattermost.com

Affected Software	Affected Version	How to fix
go/github.com/mattermost/mattermost/server/v8	<8.0.0-20250102081831-64c566a8280b	8.0.0-20250102081831-64c566a8280b
go/github.com/mattermost/mattermost/server/v8	>=10.0<10.3.0	10.3.0

Remedy

Update Mattermost to versions 10.3.0 or higher.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-22445?
CVE-2025-22445 has a medium severity level due to its impact on administrative configuration visibility.
How do I fix CVE-2025-22445?
To fix CVE-2025-22445, upgrade Mattermost to version 10.3.0 or later.
Which versions of Mattermost are affected by CVE-2025-22445?
Mattermost versions 10.x up to and including 10.2 are affected by CVE-2025-22445.
What is the impact of CVE-2025-22445 on system administrators?
CVE-2025-22445 can cause confusion for system administrators regarding the security-sensitive configuration settings related to Calls.
Is there a workaround for CVE-2025-22445?
There is no official workaround for CVE-2025-22445, and upgrading to the latest version is recommended.

agent/remedy
agent/title
agent/weakness
agent/first-publish-date
agent/type
agent/description
collector/nvd-api
source/NVD
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-7rgp-4j56-fm79
alias/CVE-2025-22445
agent/software-canonical-lookup
agent/last-modified-date
agent/references
agent/softwarecombine
agent/event
collector/nvd-cve
agent/author
collector/mitre-cve
source/MITRE
agent/source
collector/epss-latest
source/FIRST
agent/epss
agent/tags
collector/github-advisory
package-manager/go

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.