← Volver a CVEs
CVE-2025-9670
MEDIUM5.3
Descripcion
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/29/2025
Ultima modificacion9/2/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-400CWE-1333
Referencias
https://github.com/mixmark-io/turndown/issues/501(cna@vuldb.com)
https://vuldb.com/?ctiid.321880(cna@vuldb.com)
https://vuldb.com/?id.321880(cna@vuldb.com)
https://vuldb.com/?submit.637911(cna@vuldb.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.