CVE-2025-35965

Published Apr 24, 2025

Last updated 2 months ago

CVSS medium 6.5

Overview

Description
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.
Source
responsibledisclosure@mattermost.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

responsibledisclosure@mattermost.com
CWE-770

Social media

Hype score
Not currently trending

  1. CVE-2025-35965 Mattermost versions 10.4.x &lt;= 10.4.2, 10.5.x &lt;= 10.5.0, 9.11.x &lt;= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions… https://t.co/HaQbYmz6Ld

    @CVEnew

    24 Apr 2025

    351 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.