๐Ÿ” CVE Alert

CVE-2025-71377

UNKNOWN 0.0

stoatchat before 20250210-1 Unrestricted Message History Fetch

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

stoatchat (delta) versions before 20250210-1 (0.8.2) contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft nearby message fetch requests to download an entire channel's message history in a single expensive request, and can send many such requests in parallel, resulting in denial of service through resource exhaustion.

CWE CWE-1025
Vendor stoatchat
Product stoatchat
Published Jul 16, 2026
Last Updated Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for stoatchat stoatchat

Be the first to know when new unknown vulnerabilities affecting stoatchat stoatchat are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

stoatchat / stoatchat
0 < 20250210-1 (0.8.2)

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/stoatchat/stoatchat/security/advisories/GHSA-h7h6-7pxm-mc66 github.com: https://github.com/stoatchat/stoatchat/commit/5f84daa9dba34c103cd83a2ee1f5e5ba900bfe94 vulncheck.com: https://www.vulncheck.com/advisories/stoatchat-before-20250210-1-unrestricted-message-history-fetch