CVE-2025-51846

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.

cryptpad/cryptpad
cryptpad/cryptpad
Collaborative office suite, end-to-end encrypted and open-source.
GitHubGitHub
7.72K
JohnPerifanis/cryptpad-cve-2025-51846-advisory
JohnPerifanis/cryptpad-cve-2025-51846-advisory
Sanitized advisory for CVE-2025-51846 affecting CryptPad WebSocket handling.
GitHubGitHub