CVE-2025-14435

Summary

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost10.11.0 <= 10.11.8affected
MattermostMattermost11.1.0 <= 11.1.1affected
MattermostMattermost11.0.0 <= 11.0.6affected
MattermostMattermost11.2.0unaffected
MattermostMattermost10.11.9unaffected
MattermostMattermost11.1.2unaffected
MattermostMattermost11.0.7unaffected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References