BookStack < 25.12.1 Vulnerable to Resource‑Exhaustion Denial‑of‑Service Attack
What Happened — A proof‑of‑concept exploit targeting BookStack versions prior to 25.12.1 can flood the /search endpoint with a crafted query containing ~180 terms. The query triggers massive OR LIKE clauses, causing full table scans and CPU/memory exhaustion that brings the application offline.
Why It Matters for TPRM —
- Service‑availability risk for any third‑party that hosts or consumes BookStack documentation portals.
- Potential breach of service‑level agreements (SLAs) with customers relying on continuous access to internal knowledge bases.
- Highlights the need to verify timely patch management for open‑source components in the supply chain.
Who Is Affected — Organizations across all sectors that self‑host or use a managed BookStack instance (e.g., tech SaaS, education, healthcare, government).
Recommended Actions —
- Verify the BookStack version in use; upgrade to v25.12.1 or later immediately.
- Apply any interim mitigations (e.g., rate‑limit the search endpoint, disable unauthenticated search).
- Review vendor or internal patch‑management processes for open‑source software.
Technical Notes — The exploit leverages a resource‑exhaustion vector by sending a massive search term string that forces the backend MySQL engine to execute costly OR LIKE sub‑queries. No CVE assigned yet (pending request ID 1970573). Affected component: BookStack web application (PHP 8.3, MySQL 8.0). Source: https://www.exploit-db.com/exploits/52571