2 matches found
CVE-2025-14822
Mattermost contains a vulnerability (CVE-2025-14822) affecting versions 10.11.x up to 10.11.8 where input size is not validated before processing hashtags. An authenticated attacker can exhaust CPU resources with a single HTTP POST containing thousands of space-separated tokens in a post, leading...
CVE-2025-14822 DoS from quadratic complexity in model.ParseHashtags
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...