CVE-2025-5892
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rocket.chat | rocket.chat | up to 7.6.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5892 is a Regular Expression Denial of Service (ReDoS) vulnerability in Rocket.Chat up to version 7.6.1. It occurs in the parseMessage function of the parseMessage.js file, where a regular expression processes input inefficiently. An attacker can send specially crafted input that triggers excessive CPU usage due to inefficient regular expression complexity, causing the application to slow down or become unresponsive. This vulnerability can be exploited remotely without authentication. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial of service condition in Rocket.Chat. When exploited, it leads to excessive CPU consumption due to inefficient regular expression processing, which can degrade or disrupt the availability of the chat service. This means legitimate users may experience slowdowns, freezes, or inability to use the service while the system is under attack. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusually high CPU usage or service disruptions in Rocket.Chat, especially when processing IRC messages containing colons. Since the issue arises from inefficient regular expression processing in the parseMessage function, you can look for signs of ReDoS attacks by analyzing logs for repeated or malformed IRC messages. Specific commands to detect this vulnerability are not provided, but running unit tests as described in the fix (Resource 3) can help verify if the vulnerability is present or mitigated. Suggested commands to test the fix include cloning the repository, installing dependencies, running the development server, and executing unit tests:

1. git clone https://github.com/mmmsssttt404/Rocket.Chat.git
2. yarn
3. yarn dsv
4. TEST_MODE=true meteor
5. meteor npm run .testunit:server -- "tests/unit/server/users/saveUserIdentity.spec.ts"

[3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the patch provided in the pull request that modifies the vulnerable regular expression in the parseMessage function to prevent inefficient matching patterns causing ReDoS. If patching is not immediately possible, consider limiting or filtering IRC messages containing suspicious colon patterns to reduce the risk of exploitation. Since no known countermeasures currently exist and the vulnerability is remotely exploitable without authentication, it is also suggested to consider alternative products or updated versions of Rocket.Chat that include the fix. Monitoring for unusual CPU usage and service disruptions can help detect exploitation attempts. [2, 3]
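The two answers above (detection and mitigation) both come down to the same defensive idea: never let unbounded, attacker-controlled text reach a backtracking regular expression. The following added example is not Rocket.Chat code and not the patch from the pull request; the vulnerable pattern itself is not reproduced here. It shows the shape of the mitigation in Node.js: an input-length cap (the 512-byte IRC line limit is an assumption borrowed from RFC 1459) in front of a hand-written, single-pass parser for IRC-style lines, so that messages full of colons cost linear time regardless of how they are arranged. The function name `parseIrcLine` and the field names it returns are illustrative choices, not the project's API.

```javascript
// Added example (not from Rocket.Chat): linear-time IRC line parsing as a
// ReDoS-resistant alternative to a backtracking regular expression.

// Assumption: RFC 1459 limits a line to 512 bytes including CRLF. Rejecting
// longer input up front bounds the work any later parsing step can do.
const MAX_IRC_LINE = 512;

// Parses "[:prefix] COMMAND [param ...] [:trailing]" with one left-to-right
// scan. Every character is visited at most once, so the worst case is O(n)
// no matter how many colons or spaces the line contains.
function parseIrcLine(line) {
  if (typeof line !== 'string') throw new TypeError('line must be a string');
  if (line.length > MAX_IRC_LINE) {
    return { ok: false, reason: 'line too long' };
  }

  let i = 0;
  let prefix = null;

  // Optional prefix: a leading ':' up to the first space.
  if (line[0] === ':') {
    const sp = line.indexOf(' ', 1);
    if (sp === -1) return { ok: false, reason: 'missing command' };
    prefix = line.slice(1, sp);
    i = sp + 1;
  }

  // Tolerate repeated separators without any backtracking.
  while (line[i] === ' ') i++;

  // Command token.
  let sp = line.indexOf(' ', i);
  const command = sp === -1 ? line.slice(i) : line.slice(i, sp);
  if (command.length === 0) return { ok: false, reason: 'missing command' };
  i = sp === -1 ? line.length : sp + 1;

  // Middle parameters, then an optional trailing parameter introduced by ':'
  // which may itself contain spaces and further colons.
  const params = [];
  let trailing = null;
  while (i < line.length) {
    while (line[i] === ' ') i++;
    if (i >= line.length) break;
    if (line[i] === ':') {
      trailing = line.slice(i + 1);
      break;
    }
    sp = line.indexOf(' ', i);
    if (sp === -1) {
      params.push(line.slice(i));
      break;
    }
    params.push(line.slice(i, sp));
    i = sp + 1;
  }

  return { ok: true, prefix, command, params, trailing };
}

// Constructed sample inputs: a normal message and two colon-heavy lines.
const samples = [
  ':alice!a@host PRIVMSG #chan :hello : world',
  'PING :server',
  ':'.repeat(100),          // parses in one pass, rejected as malformed
  ':'.repeat(600),          // rejected by the length cap before any parsing
];

for (const s of samples) {
  const start = process.hrtime.bigint();
  const result = parseIrcLine(s);
  const micros = Number(process.hrtime.bigint() - start) / 1000;
  console.log(JSON.stringify(result), `(${micros.toFixed(1)} us)`);
}
```

The length cap and the explicit scanner are independent defences: the cap limits how much work any parser can be made to do, and the scanner removes the nested quantifiers that make a regex's cost depend on input shape rather than input size. When a regex cannot be replaced, the same cap applied before the match is the cheapest immediate mitigation.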