CVE-2025-62190

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in Mattermost lets an authenticated attacker start calls and post messages into channels or direct messages in the name of another logged-in user who opens a malicious webpage or link: the Calls widget page does not enforce CSRF protection, so the forged requests are accepted under the victim's session and show up as the victim's own actions. It affects Mattermost versions 11.0.4 and below, 10.12.2 and below, 10.11.6 and below, and Mattermost Calls versions 1.10.0 and below.

💻 Affected Systems

Products:
  • Mattermost
  • Mattermost Calls
Versions: Mattermost: 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6; Mattermost Calls: <=1.10.0
Operating Systems: All platforms running affected Mattermost versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated attacker and a victim with an active Mattermost session who opens attacker-controlled content; the forged requests run with the victim's privileges, not the attacker's.

📦 What is this software?

Mattermost is an open-source, self-hostable team messaging platform (channels, direct messages, integrations). Mattermost Calls is the plugin that adds voice calls and screen sharing inside channels and DMs; the Calls widget is the small call-control page the browser opens while a call is active, and it is the page that lacks the CSRF check here.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could spam channels with malicious content, initiate unwanted calls that disrupt communication, or use message injection as the lure in a social-engineering campaign, all attributed to the victim's account.

🟠 Likely Case

Unauthorized message injection into channels or DMs, potentially leading to phishing, misinformation, or harassment within the platform.

🟢 If Mitigated

Limited impact once the fixed versions are deployed (the Calls widget page then enforces CSRF) and users are wary of unexpected links.

🌐 Internet-Facing: MEDIUM - Exploitation requires user interaction with malicious content but can affect internet-facing instances.
🏢 Internal Only: MEDIUM - Internal users could still be tricked into visiting malicious pages, though attack surface is smaller.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Standard CSRF exploitation techniques apply.

Exploitation requires the victim to be authenticated and visit a malicious page or click a crafted link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Mattermost 11.0.5, 10.12.3, 10.11.7; Mattermost Calls 1.10.1

Vendor Advisory: https://mattermost.com/security-updates

Restart Required: Yes

Instructions:

1. Back up your Mattermost instance (database and config).
2. Upgrade to patched versions: Mattermost 11.0.5+, 10.12.3+, or 10.11.7+ and Mattermost Calls 1.10.1+.
3. Restart the Mattermost service.

🔧 Temporary Workarounds

Enable Strict CSRF Enforcement (all platforms)

Make sure Mattermost's own CSRF checks are switched on. The config.json setting is "ServiceSettings": { "ExperimentalStrictCSRFEnforcement": true }. This tightens the CSRF token check on API requests that already pass through it; it does not add the missing check to the Calls widget page, so it reduces exposure but is not a substitute for the patch.

Restrict Calls Widget Access (all platforms)

Until you can upgrade, limit who can reach the Calls widget page: if calls are not business-critical, disable the plugin with mmctl plugin disable com.mattermost.calls (plugin ID as shipped by Mattermost; confirm with mmctl plugin list), or have your reverse proxy reject requests to the Calls plugin path whose Origin or Referer header is not your Mattermost SiteURL.

🧯 If You Can't Patch

  • Put a reverse-proxy or WAF rule in front of Mattermost that rejects requests to the Calls plugin path (and, if tolerable, all state-changing /api/v4 requests) whose Origin or Referer header is absent or does not match your SiteURL. A CSRF request launched from another site carries that site's Origin/Referer, so this blocks the attack without needing a signature; prefer the Origin header on POST/PUT/DELETE, because a missing Referer on a GET can be a legitimate user with a strict referrer policy.
  • Remind users not to open unexpected links while logged in, keep the proxy access log (with Referer) so cross-site requests to the Calls widget can be reviewed, and follow up on calls or posts that users say they did not make.

🔍 How to Verify

Check if Vulnerable:

Check the Mattermost version via System Console > About, or on the server:

mattermost version

Any API response also carries the server version in its X-Version-Id header. For the Calls plugin, check the version under System Console > Plugin Management or run mmctl plugin list.

Verify Fix Applied:

Confirm version is patched: Mattermost >=11.0.5, >=10.12.3, >=10.11.7 and Mattermost Calls >=1.10.1
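
The branch-aware comparison is easy to get wrong by hand (10.12.2 is vulnerable while 10.11.7 is fixed), so here is an added example, not Mattermost project code, that encodes the ranges above and checks a server and Calls version pair. The input formats it accepts are assumptions: "Version: 10.12.2" as printed by mattermost version, a bare "10.12.2", or the X-Version-Id header, which begins with the semantic version. Server branches newer than 11.0 are not listed in the advisory, so the script reports them as not covered rather than as fixed.

```python
"""Check Mattermost server and Calls plugin versions against the fixed
releases for CVE-2025-62190 (added example; not Mattermost project code)."""
from __future__ import annotations

# First fixed release per affected server branch, from the advisory ranges.
SERVER_FIXED: dict[tuple[int, int], tuple[int, int, int]] = {
    (11, 0): (11, 0, 5),
    (10, 12): (10, 12, 3),
    (10, 11): (10, 11, 7),
}
CALLS_FIXED = (1, 10, 1)


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) from the leading dotted numbers of `text`.

    Accepts 'Version: 10.12.2' (output of `mattermost version`), 'v10.12.2',
    '10.12.2', or an X-Version-Id header value, which is assumed to begin
    with the semantic version followed by build metadata."""
    text = text.strip()
    if ":" in text:                      # strip a 'Version:' label
        text = text.split(":", 1)[1].strip()
    text = text.lstrip("vV")
    nums: list[int] = []
    for part in text.split("."):
        if not part.isdigit():           # stop at build hash / flags
            break
        nums.append(int(part))
        if len(nums) == 3:
            break
    if len(nums) != 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return nums[0], nums[1], nums[2]


def server_status(version: str) -> tuple[bool, str]:
    """(fixed?, reason) for a Mattermost server version string."""
    major, minor, patch = parse_version(version)
    fixed = SERVER_FIXED.get((major, minor))
    if fixed is None:
        if (major, minor) > max(SERVER_FIXED):
            # Assumption: branches newer than 11.0 ship after the fix, but they
            # are not in the advisory ranges, so say so instead of guessing.
            return True, f"{major}.{minor}.x is newer than the listed branches (not covered by the advisory; verify with the vendor)"
        return False, f"{major}.{minor}.x is older than the fixed branches; upgrade to 10.11.7+, 10.12.3+ or 11.0.5+"
    fixed_str = ".".join(map(str, fixed))
    if (major, minor, patch) >= fixed:
        return True, f"server {major}.{minor}.{patch} >= {fixed_str}"
    return False, f"server {major}.{minor}.{patch} < {fixed_str}"


def calls_status(version: str) -> tuple[bool, str]:
    """(fixed?, reason) for a Mattermost Calls plugin version string."""
    v = parse_version(version)
    ok = v >= CALLS_FIXED
    return ok, f"Calls {'.'.join(map(str, v))} {'>=' if ok else '<'} 1.10.1"


def check(server_version: str, calls_version: str) -> dict:
    """Both components received fixes, so the instance is vulnerable if either lags."""
    server_ok, server_why = server_status(server_version)
    calls_ok, calls_why = calls_status(calls_version)
    return {
        "server_fixed": server_ok,
        "calls_fixed": calls_ok,
        "vulnerable": not (server_ok and calls_ok),
        "details": [server_why, calls_why],
    }


if __name__ == "__main__":
    import sys
    # Usage: python check_cve_2025_62190.py "<server version>" "<calls version>"
    if len(sys.argv) == 3:
        server, calls = sys.argv[1], sys.argv[2]
    else:
        server, calls = "Version: 10.12.2", "1.10.0"   # sample input
    result = check(server, calls)
    for line in result["details"]:
        print(line)
    print("VULNERABLE" if result["vulnerable"] else "fixed")
```

Feed it the two strings from the checks above (for example the X-Version-Id header and the Calls version shown in Plugin Management); anything older than the three listed server branches is reported as needing an upgrade because the advisory names no fixed release for it.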

📡 Detection & Monitoring

Log Indicators:

  • Call starts or posts that the user says they did not make, especially right after they opened an external link
  • Bursts of posts or call starts from one account across several channels within a few seconds

Network Indicators:

  • Requests to the Calls widget page whose Referer (or Origin) header is missing or points to a site other than your SiteURL; the vulnerable versions accept these, so this is what to hunt for in reverse-proxy access logs
  • After patching, CSRF check failures logged by the server for the same requests, which show the attack is still being attempted against your users

SIEM Query:

source="proxy_access" uri_path="/plugins/com.mattermost.calls/*" NOT referer="https://chat.example.com/*"

(Pseudo-query over reverse-proxy access logs: replace the plugin path prefix and site URL with your own, and map the field names to your log source. Mattermost itself does not log a "malicious" marker, so there is nothing in the user agent to match on.)
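
The Referer/Origin test behind that query and behind the proxy rule in "If You Can't Patch" is the same predicate, so here it is once, as an added example that is not Mattermost project code, run over constructed nginx "combined" access-log lines. Assumptions: the proxy logs the Referer in combined format, the Calls plugin is served under /plugins/com.mattermost.calls/ (plugin ID assumed; the widget path and query in the sample lines are illustrative only), and SITE_URL is your Mattermost SiteURL.

```python
"""Hunt proxy access logs for cross-site requests to the Calls plugin path,
the network indicator for CVE-2025-62190 (added example; not Mattermost code)."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

SITE_URL = "https://chat.example.com"            # assumed Mattermost SiteURL
CALLS_PREFIX = "/plugins/com.mattermost.calls/"   # assumed Calls plugin path

# nginx 'combined' format:
# $remote_addr - $remote_user [$time_local] "$request" $status $bytes "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> tuple[str, str, int] | None:
    """(scheme, host, port) of a URL with case and default ports normalised,
    so https://CHAT.example.com:443/x and https://chat.example.com/y match."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname:
        return None
    scheme = parts.scheme.lower()
    port = port or DEFAULT_PORTS.get(scheme)
    if port is None:
        return None
    return scheme, parts.hostname.lower(), port


def is_cross_site(header_value: str, site_url: str = SITE_URL) -> str | None:
    """Return a reason if an Origin/Referer value is not our own origin, else None.
    nginx logs '-' for an absent header; treat that as missing."""
    if header_value in ("", "-"):
        return "missing Referer/Origin"
    got = origin_of(header_value)
    if got is None:
        return f"unparseable Referer/Origin {header_value!r}"
    if got != origin_of(site_url):
        return f"cross-site Referer/Origin {header_value!r}"
    return None


def suspicious_calls_requests(lines, site_url: str = SITE_URL, prefix: str = CALLS_PREFIX) -> list[dict]:
    """Parse combined-format lines and keep requests under `prefix` whose
    Referer is missing or belongs to another origin."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        if not path.startswith(prefix):
            continue
        reason = is_cross_site(m.group("referer"), site_url)
        if reason:
            hits.append({"ip": m.group("ip"), "method": m.group("method"),
                         "path": path, "status": m.group("status"), "reason": reason})
    return hits


# Constructed sample log; the widget path and channel_id query are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2025:12:00:01 +0000] "GET /plugins/com.mattermost.calls/widget?channel_id=c1 HTTP/1.1" 200 512 "https://chat.example.com/team/channels/town-square" "Mozilla/5.0"
198.51.100.9 - - [10/Nov/2025:12:00:05 +0000] "GET /plugins/com.mattermost.calls/widget?channel_id=c1 HTTP/1.1" 200 512 "https://evil.example.net/win-a-prize" "Mozilla/5.0"
198.51.100.10 - - [10/Nov/2025:12:00:06 +0000] "GET /plugins/com.mattermost.calls/widget?channel_id=c2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.8 - - [10/Nov/2025:12:00:07 +0000] "GET /plugins/com.mattermost.calls/widget?channel_id=c3 HTTP/1.1" 200 512 "https://CHAT.example.com:443/team/channels/dev" "Mozilla/5.0"
198.51.100.11 - - [10/Nov/2025:12:00:08 +0000] "POST /api/v4/posts HTTP/1.1" 201 90 "https://evil.example.net/win-a-prize" "Mozilla/5.0"
"""


def main() -> None:
    for hit in suspicious_calls_requests(SAMPLE_LOG.splitlines()):
        print(f"{hit['ip']} {hit['method']} {hit['path']} -> {hit['reason']}")


if __name__ == "__main__":
    main()
```

Two of the five constructed lines are flagged: the request referred from evil.example.net and the one with no Referer at all; the mixed-case, explicit-port same-origin line is correctly ignored. For hunting, a missing Referer on a GET is only a signal (strict referrer policies and bookmarks also produce it), so review those rather than treating them as confirmed attacks; as a blocking rule on the proxy, apply the same predicate to the Origin header of state-changing methods, where a missing value is far less common for legitimate browser traffic.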

🔗 References

  • Mattermost security updates: https://mattermost.com/security-updates
  • CVE record: https://www.cve.org/CVERecord?id=CVE-2025-62190