Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-46556
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-04 Nov, 2025 | 00:20
Updated At-06 Nov, 2025 | 20:44
Rejected At-
▼CVE Numbering Authority (CNA)
MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added, the activity stream UI fails to render; therefore, new notes cannot be displayed, effectively breaking all future collaboration on the issue. This issue is fixed in version 2.27.2.

Affected Products
Vendor
Mantis Bug Tracker (MantisBT)mantisbt
Product
mantisbt
Versions
Affected
  • < 2.27.2
Problem Types
TypeCWE IDDescription
CWECWE-770CWE-770: Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-770
Description: CWE-770: Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
x_refsource_CONFIRM
https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
x_refsource_MISC
https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
x_refsource_MISC
https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
x_refsource_MISC
Hyperlink: https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
Resource:
x_refsource_MISC
Hyperlink: https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
Resource:
x_refsource_MISC
Hyperlink: https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found