Vulnerability details: VCID-d3yt-mkwe-33hu
Vulnerability ID VCID-d3yt-mkwe-33hu
Aliases CVE-2025-46556
GHSA-r3jf-hm7q-qfw5
Summary MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length
A lack of server-side validation for note length in MantisBT allows attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters). Once such a note is added:
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-46556
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r3jf-hm7q-qfw5
cvssv3.1 6.5 https://github.com/mantisbt/mantisbt
generic_textual MODERATE https://github.com/mantisbt/mantisbt
cvssv3.1 6.5 https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
generic_textual MODERATE https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
ssvc Track https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
cvssv3.1 6.5 https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
generic_textual MODERATE https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
ssvc Track https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
cvssv3.1 6.5 https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
generic_textual MODERATE https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
ssvc Track https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
cvssv3.1 6.5 https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
cvssv3.1_qr MODERATE https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
generic_textual MODERATE https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
ssvc Track https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2025-46556
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-46556
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mantisbt/mantisbt
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/ Found at https://github.com/mantisbt/mantisbt/commit/c99a41272532ba49b5c8dccb7797afead9864234
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/ Found at https://github.com/mantisbt/mantisbt/commit/d5cec6bffb44d54bd412c186b9baa409b1aa4238
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/ Found at https://github.com/mantisbt/mantisbt/commit/e9119c68b4a0eaa0bbde3deb121e81f5f7157361
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-06T20:44:31Z/ Found at https://github.com/mantisbt/mantisbt/security/advisories/GHSA-r3jf-hm7q-qfw5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-46556
Exploit Prediction Scoring System (EPSS)
Percentile 0.20074
EPSS Score 0.00064
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:48:24.822977+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mantisbt/mantisbt/CVE-2025-46556.yml 38.6.0