PT-2026-3244 · Mattermost · Mattermost
Daw10 · Published 2025-12-10 · Updated 2026-03-03 · CVE-2025-14435
CVSS v3.1: 6.8 Medium (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H)
Name of the Vulnerable Software and Affected Versions
Mattermost versions 10.11.x through 10.11.8
Mattermost versions 11.1.x through 11.1.1
Mattermost versions 11.0.x through 11.0.6
Description
The software fails to prevent infinite re-renders when API errors occur. An authenticated user can trigger unbounded component re-render loops, resulting in an application-level Denial of Service (DoS).
Recommendations
Update Mattermost to a version later than 10.11.8.
Update Mattermost to a version later than 11.1.1.
Update Mattermost to a version later than 11.0.6.
Fix
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Related Identifiers
Affected Products
Mattermost