PT-2026-3244 · Mattermost · Mattermost

Daw10 · Published 2025-12-10 · Updated 2026-01-16 · CVE-2025-14435

CVSS v2.0: 6.8
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Mattermost versions 10.11.x through 10.11.8
Mattermost versions 11.1.x through 11.1.1
Mattermost versions 11.0.x through 11.0.6

Description

The software contains a flaw that does not prevent infinite re-renders when API errors occur. Authenticated users can trigger unbounded component re-render loops, leading to application-level Denial of Service (DoS).

Recommendations

Update Mattermost to a version later than 10.11.8.
Update Mattermost to a version later than 11.1.1.
Update Mattermost to a version later than 11.0.6.

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2026-00601
CVE-2025-14435
GHSA-MX8M-V8QM-XWR8

Affected Products

Mattermost