PT-2026-42012 · Joplin · Joplin

Published 2026-05-19 · Updated 2026-05-20 · CVE-2025-57798

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.7.1

Description: A Denial of Service (DoS) issue exists in the title input functionality due to missing length validation. By inserting an excessively long string into a note title, an attacker can cause an Out Of Memory (OOM) error, a state where the system cannot allocate enough memory to perform an operation, which leads to program termination. This can be achieved through the user interface or programmatically via the local web service API if an authentication token is compromised. Specifically, a crafted HTTP POST request sent to the local API containing an excessively long string in the title parameter causes the application to attempt an unbounded memory allocation.

Recommendations: Update to version 3.7.1.
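
One way to enforce the missing bound in a request handler, as an added example that is not Joplin's code or its actual fix: the body is capped while it is being read, and the title is length-checked before it is used. The function names, both limits and the status codes are assumptions chosen for illustration.

```javascript
// Added example: hypothetical limits, not values taken from Joplin.
const MAX_BODY_BYTES = 1024 * 1024; // assumed cap on a request body
const MAX_TITLE_CHARS = 1024;       // assumed cap on a note title

// Consume body chunks, refusing to buffer more than maxBytes in total.
// Returning early stops pulling from the source, so memory stays bounded.
function readBoundedBody(chunks, maxBytes = MAX_BODY_BYTES) {
  const kept = [];
  let total = 0;
  for (const chunk of chunks) {
    total += chunk.length;
    if (total > maxBytes) return { ok: false, status: 413, error: 'body too large' };
    kept.push(chunk);
  }
  return { ok: true, body: Buffer.concat(kept, total) };
}

// Validate a create-note request before anything is stored or rendered.
function parseNoteRequest(chunks, limits = {}) {
  const maxBytes = limits.maxBodyBytes ?? MAX_BODY_BYTES;
  const maxTitle = limits.maxTitleChars ?? MAX_TITLE_CHARS;
  const read = readBoundedBody(chunks, maxBytes);
  if (!read.ok) return read;
  let data;
  try {
    data = JSON.parse(read.body.toString('utf8'));
  } catch (e) {
    return { ok: false, status: 400, error: 'invalid JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, status: 400, error: 'expected a JSON object' };
  }
  const title = data.title ?? '';
  if (typeof title !== 'string') return { ok: false, status: 400, error: 'title must be a string' };
  if (title.length > maxTitle) return { ok: false, status: 422, error: 'title too long' };
  return { ok: true, note: { ...data, title } };
}

// Constructed sample inputs: one normal request split across two chunks,
// and one whose title exceeds the assumed limit.
const okBody = [Buffer.from('{"title":"Shopping'), Buffer.from(' list","body":"milk"}')];
const longTitle = [Buffer.from(JSON.stringify({ title: 'A'.repeat(5000) }))];
console.log(parseNoteRequest(okBody).ok, parseNoteRequest(longTitle).error);
```

The same length check belongs on the user-interface input path, since the description names both routes.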

Exploit · Fix · DoS · Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-57798

Affected Products

Joplin