If a feature no one uses has a bug in it, is it possible for that bug to be flagged as critical?

Depends on the impact.

It is not about how many users can be affected but jow they are affected, lets say this bug creates a legal liability for the company, that is critical.

or represent harm to the company or the user, that is critical.

Or causes revenue loss, also critical.

If it causes a mild inconvenience that has nothing to do with the core product, then it is not critical.

But every company creates its own criteria and it sometimes just sucks.

Yes.

Imagine half a year from now, somebody uses that feature somewhere, unaware of the bug, and by that exposing a db or whatever. So yes. Either fix or remove it.

@mundo03 I agree, but in this particular case the feature is neither important nor used.

@pascalwacker But is it critical, as in drop everything and do it right now?

@Rabb wouldn't that be a blocker? Critical is a should be fixed in 2 days, while a blocker is drop every thing and fix it (at least that's what I've learned) and yes it's a bit overreacting but let's say it opens a db up to sql injections, then either data (including hashed passwords could get stolen) or the db could just get dropt or altered. Let's say it's for a crm and someone could alter the billing data, in such a case the bug is critical and as I've said before, if it's in the code, chances are that it's going to be used someday...