Security: VULN CVE-2025-6493 in codemirror #7139

New issue

Closed

opened 2025-08-30 09:11:54 +02:00 by marijnh · 1 comment

marijnh commented 2025-08-30 09:11:54 +02:00 (Migrated from gitlab.com)

Copy link

A vulnerability has been discovered in CodeMirror (≤ 5.17.0) affecting the Markdown mode (mode/markdown/markdown.js). This flaw leads to inefficient regular expression complexity, making the component susceptible to a Regular Expression Denial of Service (ReDoS). The exploit can be triggered remotely.

Details

Component: mode/markdown/markdown.js

Vulnerability Type: ReDoS via greedy quantifiers combined with unbounded capture groups—leading to exponential backtracking

CVSS Score:

v3.1: 5.3 (Medium)
v4.0: 5.5 (Medium)

Exploitability:

• The issue is easy to exploit

• Attack can be launched remotely by supplying crafted Markdown input

Impact

This vulnerability allows an attacker to craft Markdown input that causes excessive CPU usage in the affected component. This leads to:

• Service unavailability or performance degradation

• If the component is part of a live user-facing parsing pipeline, it may impair availability of the editor or consuming service

• No direct risk to data integrity or confidentiality, but a clear DoS vector exists

A vulnerability has been discovered in CodeMirror (≤ 5.17.0) affecting the Markdown mode (mode/markdown/markdown.js). This flaw leads to inefficient regular expression complexity, making the component susceptible to a Regular Expression Denial of Service (ReDoS). The exploit can be triggered remotely. ## Details **Component**: mode/markdown/markdown.js **Vulnerability Type**: ReDoS via greedy quantifiers combined with unbounded capture groups—leading to exponential backtracking **CVSS Score**: v3.1: 5.3 (Medium) v4.0: 5.5 (Medium) Exploitability: - The issue is easy to exploit - Attack can be launched remotely by supplying crafted Markdown input ## Impact This vulnerability allows an attacker to craft Markdown input that causes excessive CPU usage in the affected component. This leads to: - Service unavailability or performance degradation - If the component is part of a live user-facing parsing pipeline, it may impair availability of the editor or consuming service - No direct risk to data integrity or confidentiality, but a clear DoS vector exists

marijnh commented 2025-09-01 17:46:15 +02:00 (Migrated from gitlab.com)

Copy link

Duplicated of https://github.com/codemirror/codemirror5/issues/7128, it looks like.

Duplicated of https://github.com/codemirror/codemirror5/issues/7128, it looks like.

marijnh (Migrated from gitlab.com) closed this issue 2025-09-01 17:46:15 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

github/fork/rlaiola/feat/sql-mode-mysql8-updates

github/fork/jmeis/jm/7128

github/fork/yukozh/patch-1

github/fork/mihailik/master

github/fork/erosman/patch-8

github/fork/Realetive/master

delay-blur

github/fork/odidev/arm_support

github/fork/gkucmierz/issue/6258

github/fork/Zenkit/bugfix/chrome-touchend-event

github/fork/sguiheux/patch-1

github/fork/sterlp/master

github/fork/goodmind/master

github/fork/AlexanderPrendota/kotlin-mode-brace

github/fork/goofiw/master

github/fork/alexisdoualle/isolates

luaElectricDedent

github/fork/demoore/patch-1

github/fork/ACGC/master

github/fork/ckosmowski/option-origins

coordsCharRtlPerf

rtlMode

github/fork/crazy4chrissi/sqlHintQuoteBug

github/fork/riverdusty/master

github/fork/dayorbyte/subword-movement

github/fork/internetguru/skipSelection

github/fork/vanderlee/overwrite-cursor

github/fork/colelawrence/issue-3695

github/fork/mihailik/patch-7

direction

v3

v2

5.65.21

5.65.20

5.65.19

5.65.18

5.65.17

5.65.16

5.65.15

5.65.14

5.65.13

5.65.12

5.65.11

5.65.10

5.65.9

5.65.8

5.65.7

5.65.6

5.65.5

5.65.4

5.65.3

5.65.2

5.65.1

5.65.0

5.64.0

5.63.3

5.63.2

5.63.1

5.63.0

5.62.3

5.62.2

5.62.1

5.62.0

5.61.1

5.61.0

5.60.0

5.59.4

5.59.3

5.59.2

5.59.1

5.59.0

5.58.3

5.58.2

5.58.1

5.58.0

5.57.0

5.56.0

5.55.0

5.54.0

5.53.2

5.53.0

5.52.2

5.52.0

5.51.0

5.50.2

5.50.0

5.49.2

5.49.0

5.48.4

5.48.2

5.48.0

5.47.0

5.46.0

5.45.0

5.44.0

5.43.0

5.42.2

5.42.0

5.41.0

5.40.2

5.40.0

5.39.2

5.39.0

5.38.0

5.37.0

5.36.0

5.35.0

5.34.0

5.33.0

5.32.0

5.31.0

5.30.0

5.29.0

5.28.0

5.27.4

5.27.2

5.27.0

5.26.0

5.25.2

5.25.0

5.24.2

5.24.0

5.23.0

5.22.2

5.22.0

5.21.0

5.20.2

5.20.0

5.19.0

5.18.2

5.18.0

5.17.0

5.16.0

5.15.2

5.15.0

5.14.2

5.14.0

5.13.4

5.13.2

5.13.0

5.12.0

5.11.0

5.10.0

5.9.0

5.8.0

5.7.0

5.6.0

5.5.0

5.4.0

5.3.0

5.2.0

5.1.0

5.0.0

4.13.0

4.12.0

4.11.0

4.10.0

4.9.0

4.8.0

4.7.0

4.6.0

4.5.0

4.4.0

4.3.0

4.2.0

4.1.0

3.24.0

4.0.3

3.23.0

4.0.2

4.0.1

3.22.0

v4_beta2

v4_beta1

3.21.0

3.20.0

3.19.0

3.18.0

3.17.0

3.16.0

3.15.0

3.14.0

3.13.0

v3.12

v3.11

v3.1

v3.02

v3.01

v2.38

v2.37

v3.0

v3.0rc2

v3.0rc1

v2.36

v3.0beta2

v2.35

v3.0beta1

v2.34

v2.33

v2.32

v2.31

v2.3

v2.25

v2.24

v2.23

v2.22

v2.21

v2.2

v2.18

v2.17

v2.16

v2.15

v2.14

v2.13

v2.12

v2.11

v2.1

v2.02

v2.01

v2.0

beta2

beta1

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

codemirror/codemirror5#7139

No description provided.