CVE-2025-46556 — MEDIUM (6.5)

Q: How severe is CVE-2025-46556?

CVE-2025-46556 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-46556?

Check the references section above for vendor advisories and patch information. Affected products include: Mantisbt Mantisbt.

Vulnerability Description

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added, the activity stream UI fails to render; therefore, new notes cannot be displayed, effectively breaking all future collaboration on the issue. This issue is fixed in version 2.27.2.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mantisbt	Mantisbt	< 2.27.2

Related Weaknesses (CWE)

CWE-770

References

FAQ

What is CVE-2025-46556?

CVE-2025-46556 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,78...

How severe is CVE-2025-46556?

CVE-2025-46556 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-46556?

Check the references section above for vendor advisories and patch information. Affected products include: Mantisbt Mantisbt.