VYPR
Moderate severity · NVD Advisory · Published Apr 24, 2025 · Updated Apr 24, 2025

DoS in Mattermost Playbooks via Excessive Task Actions

CVE-2025-35965

Description

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/mattermost/mattermost/server/v8 (Go) | < 8.0.0-20250218121836-2b5275d87136 | 8.0.0-20250218121836-2b5275d87136
github.com/mattermost/mattermost-plugin-playbooks (Go) | >= 2.0.0 |
github.com/mattermost/mattermost/server/v8 (Go) | >= 10.4.0 |
github.com/mattermost/mattermost/server/v8 (Go) | >= 10.5.0 |
github.com/mattermost/mattermost/server/v8 (Go) | >= 9.11.0 |
github.com/mattermost/mattermost-plugin-playbooks (Go) | < 1.41.0 | 1.41.0
