CVE-2025-62190 — Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost

Description

Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls

To remediate CVE-2025-62190, upgrade the affected package to a fixed version below.

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N