CVE-2025-14435 | THREATINT

Description

Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops.

PUBLISHED Reserved 2025-12-10 | Published 2026-01-16 | Updated 2026-01-16 | Assigner Mattermost

MEDIUM: 6.8CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status

unaffected

10.11.0 (semver)

affected

11.1.0 (semver)

affected

11.0.0 (semver)

affected

11.2.0

unaffected

10.11.9

unaffected

11.1.2

unaffected

11.0.7

unaffected

Credits

daw10 finder

References

mattermost.com/security-updates

cve.org (CVE-2025-14435)

nvd.nist.gov (CVE-2025-14435)

Download JSON