HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

BookStack < 25.12.1 Vulnerable to Resource‑Exhaustion Denial‑of‑Service Attack

A proof‑of‑concept exploit can overload BookStack's search endpoint, causing service outages for any organization running versions prior to 25.12.1. TPRM teams should verify patch status and enforce mitigation controls.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 exploit-db.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
exploit-db.com

BookStack < 25.12.1 Vulnerable to Resource‑Exhaustion Denial‑of‑Service Attack

What Happened — A proof‑of‑concept exploit targeting BookStack versions prior to 25.12.1 can flood the /search endpoint with a crafted query containing ~180 terms. The query triggers massive OR LIKE clauses, causing full table scans and CPU/memory exhaustion that brings the application offline.

Why It Matters for TPRM

  • Service‑availability risk for any third‑party that hosts or consumes BookStack documentation portals.
  • Potential breach of service‑level agreements (SLAs) with customers relying on continuous access to internal knowledge bases.
  • Highlights the need to verify timely patch management for open‑source components in the supply chain.

Who Is Affected — Organizations across all sectors that self‑host or use a managed BookStack instance (e.g., tech SaaS, education, healthcare, government).

Recommended Actions

  • Verify the BookStack version in use; upgrade to v25.12.1 or later immediately.
  • Apply any interim mitigations (e.g., rate‑limit the search endpoint, disable unauthenticated search).
  • Review vendor or internal patch‑management processes for open‑source software.

Technical Notes — The exploit leverages a resource‑exhaustion vector by sending a massive search term string that forces the backend MySQL engine to execute costly OR LIKE sub‑queries. No CVE assigned yet (pending request ID 1970573). Affected component: BookStack web application (PHP 8.3, MySQL 8.0). Source: https://www.exploit-db.com/exploits/52571

📰 Original Source
https://www.exploit-db.com/exploits/52571

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →