Improper Validation of Specified Type of Input
CVE-2025-41395
Summary
Mattermost server versions 9.11.x through 9.11.10, 10.4.x through 10.4.2, 10.5.x through 10.5.0 and Mattermost-plugin-playbooks versions 0.1.0 through 1.40.0 and 2.0.0 through 2.1.0 fail to properly validate the props used by the "RetrospectivePost" custom post type in the Playbooks plugin. This allows an attacker to create a post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1287 - Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
References
Advisory Timeline
- Published