CVE-2025-57798: CWE-770: Allocation of Resources Without Limits or Throttling in laurent22 joplin
Joplin versions 3. 6. 14 and earlier contain a Denial of Service (DoS) vulnerability due to improper length validation on note titles. An attacker can cause an Out Of Memory (OOM) error and crash the application by inserting an excessively long string into a note's title. This can be done either through the user interface or programmatically via the local web service API if the attacker has access to the user's authentication token. The vulnerability is fixed in version 3. 7. 1.
AI Analysis
Technical Summary
CVE-2025-57798 is a resource exhaustion vulnerability (CWE-770) in the open source note-taking application Joplin, affecting versions prior to 3.7.1. The flaw arises from a lack of proper length validation on the title input field, allowing an attacker to supply an excessively long string that causes the application to allocate unbounded memory. Exploitation can occur locally via the UI or remotely via the local web service API if the attacker has compromised the user's authentication token. Successful exploitation results in an Out Of Memory condition leading to application termination (Denial of Service).
Potential Impact
The vulnerability results in a Denial of Service condition by causing the Joplin application to crash due to memory exhaustion. There is no impact on confidentiality or integrity reported, only availability is affected. Exploitation requires local access or prior compromise of the user's authentication token for the local API method.
Mitigation Recommendations
A fix is available in Joplin version 3.7.1. Users should upgrade to version 3.7.1 or later to remediate this vulnerability. No additional mitigation guidance is provided or required beyond applying the official patch.
CVE-2025-57798: CWE-770: Allocation of Resources Without Limits or Throttling in laurent22 joplin
Description
Joplin versions 3. 6. 14 and earlier contain a Denial of Service (DoS) vulnerability due to improper length validation on note titles. An attacker can cause an Out Of Memory (OOM) error and crash the application by inserting an excessively long string into a note's title. This can be done either through the user interface or programmatically via the local web service API if the attacker has access to the user's authentication token. The vulnerability is fixed in version 3. 7. 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-57798 is a resource exhaustion vulnerability (CWE-770) in the open source note-taking application Joplin, affecting versions prior to 3.7.1. The flaw arises from a lack of proper length validation on the title input field, allowing an attacker to supply an excessively long string that causes the application to allocate unbounded memory. Exploitation can occur locally via the UI or remotely via the local web service API if the attacker has compromised the user's authentication token. Successful exploitation results in an Out Of Memory condition leading to application termination (Denial of Service).
Potential Impact
The vulnerability results in a Denial of Service condition by causing the Joplin application to crash due to memory exhaustion. There is no impact on confidentiality or integrity reported, only availability is affected. Exploitation requires local access or prior compromise of the user's authentication token for the local API method.
Mitigation Recommendations
A fix is available in Joplin version 3.7.1. Users should upgrade to version 3.7.1 or later to remediate this vulnerability. No additional mitigation guidance is provided or required beyond applying the official patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-08-20T14:30:35.008Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0cd03bba1db47362edbc47
Added to database: 5/19/2026, 9:03:55 PM
Last enriched: 5/19/2026, 9:18:38 PM
Last updated: 5/20/2026, 1:33:11 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.