Skip to content
Medium Published: Dec 17, 2025

CVE-2025-62190

4.3 CVSS Score Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Export CVE-2025-62190 Data:
Share:
Link copied!

Description

Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpage or crafted link

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Weaknesses (CWE)

  • CWE-352

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2002-2426 CVSS 0 Same weakness: CWE-352 CVE-2004-1967 CVSS 8.8 Same weakness: CWE-352 CVE-2004-1703 CVSS 8.8 Same weakness: CWE-352 CVE-2004-1842 CVSS 8.8 Same weakness: CWE-352 CVE-2004-1995 CVSS 6.5 Same weakness: CWE-352

CVE History Timeline

Dec 17, 2025 13:15 New CVE Received
← Back to CVE Tracker