CVE-2025-14435: Mattermost is vulnerable to DoS due to infinite re-renders on API errors
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, and 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors, which allows authenticated users to cause an application-level DoS by triggering unbounded component re-render loops.
References
- github.com/advisories/GHSA-mx8m-v8qm-xwr8
- github.com/mattermost/mattermost
- github.com/mattermost/mattermost/commit/613bb616cd62c584a606919e6978688e7b87d81e
- github.com/mattermost/mattermost/commit/9f7629504bc93f79af8d606329c025a687e143cd
- github.com/mattermost/mattermost/commit/cc6b77b271324796b72f1e6b82dba85a86462f9f
- mattermost.com/security-updates
- nvd.nist.gov/vuln/detail/CVE-2025-14435