CVE-2025-35965

{"id": "CVE-2025-35965", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-24T07:15:31.280", "references": [{"url": "https://mattermost.com/security-updates", "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition."}, {"lang": "es", "value": "Las versiones de Mattermost 10.4.x &lt;= 10.4.2, 10.5.x &lt;= 10.5.0, 9.11.x &lt;= 9.11.10 no logran validar la singularidad y la cantidad de acciones de tareas dentro de la operaci\u00f3n GraphQL UpdateRunTaskActions, lo que permite a un atacante crear elementos de tarea que contienen una cantidad excesiva de acciones activadas por publicaciones espec\u00edficas, sobrecargando el servidor y provocando una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2025-04-29T13:52:47.470", "sourceIdentifier": "responsibledisclosure@mattermost.com"}