PT-2025-24553 · Unknown · Rocket.Chat
Mmmsssttt
·
Published
2025-06-09
·
Updated
2025-06-10
·
CVE-2025-5892
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
RocketChat versions up to 7.6.1
Description
A problematic issue has been found in RocketChat, affecting the
parseMessage function of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the line argument leads to inefficient regular expression complexity. This issue can be exploited remotely.Recommendations
For RocketChat versions up to 7.6.1, consider updating to a version that includes a fix for this issue, as the current version is affected by the inefficient regular expression complexity in the
parseMessage function.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Rocket.Chat