{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/bookstack-25.12.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BookStack (25.12.1)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","webapps","exploit"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA denial-of-service vulnerability has been identified in BookStack version 25.12.1. A public exploit, EDB-52571, has been published on Exploit-DB, making exploitation easier. The availability of this exploit increases the risk to unpatched systems, as attackers can leverage it to disrupt the availability of BookStack instances. This vulnerability allows an attacker to potentially overload the system, rendering it unresponsive to legitimate users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable BookStack 25.12.1 instance.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request designed to exploit the denial-of-service vulnerability.\u003c/li\u003e\n\u003cli\u003eAttacker sends the crafted HTTP request to the target BookStack server.\u003c/li\u003e\n\u003cli\u003eThe BookStack server processes the malicious request, consuming excessive resources.\u003c/li\u003e\n\u003cli\u003eThe server\u0026rsquo;s resource consumption (CPU, memory, I/O) spikes, leading to performance degradation.\u003c/li\u003e\n\u003cli\u003eLegitimate user requests are delayed or dropped due to resource exhaustion.\u003c/li\u003e\n\u003cli\u003eThe BookStack instance becomes unresponsive, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eAdministrators may need to restart the BookStack service to restore functionality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this denial-of-service vulnerability can lead to significant disruption of BookStack services. Affected organizations may experience downtime, preventing users from accessing critical documentation and knowledge base resources. The number of affected users will depend on the size of the BookStack deployment, but any unpatched instance is vulnerable. The impact is service unavailability and potential data integrity issues due to abnormal termination.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade BookStack to a patched version that addresses the denial-of-service vulnerability to prevent exploitation (reference: BookStack 25.12.1 is vulnerable).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP requests that may indicate exploitation attempts (reference: webserver log source in Sigma rules below).\u003c/li\u003e\n\u003cli\u003eImplement rate limiting and request filtering on the web server hosting BookStack to mitigate potential denial-of-service attacks (reference: webserver log source in Sigma rules below).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T13:31:47Z","date_published":"2026-05-21T13:31:47Z","id":"https://feed.craftedsignal.io/briefs/2026-05-bookstack-dos/","summary":"A denial-of-service vulnerability exists in BookStack version 25.12.1, and a public exploit (EDB-52571) is available, increasing the risk to unpatched systems.","title":"BookStack 25.12.1 Denial-of-Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-bookstack-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — BookStack (25.12.1)","version":"https://jsonfeed.org/version/1.1"}