CVE-2025-35965

DoS in Mattermost Playbooks via Excessive Task Actions

CVSS 6.5 (Medium) · EPSS 0.3% · CWE-770
Vexday Risk Score: 13 (Low)
SSVC decision (CISA): Track (no exploitation signal → monitor)
KEV: no
Lifecycle: 24 Apr 2025, published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products: Mattermost · Mattermost
