mixmark-io turndown commonmark-rules.js redos_CVE-2025-9670

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-9670

Source VulDB

Published Aug 29, 2025 at 19:02

Modified Aug 29, 2025 at 19:19

Affected Product

Vendor mixmark-io

Product turndown

Version 7.2.0

Affected Versions mixmark-io turndown 7.2.0
mixmark-io turndown 7.2.1

CWE Classification

CWE-1333 CWE-400

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.",
    "published": "2025-08-29T19:02:08.787Z",
    "modified": "2025-08-29T19:19:09.813Z",
    "type": "cve",
    "title": "mixmark-io turndown commonmark-rules.js redos",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321880\nhttps://vuldb.com/?ctiid.321880\nhttps://vuldb.com/?submit.637911\nhttps://github.com/mixmark-io/turndown/issues/501\nhttps://github.com/mixmark-io/turndown/issues/501#issue-3336342088",
    "id": "CVE-2025-9670",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1333",
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "mixmark-io turndown 7.2.0\nmixmark-io turndown 7.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "turndown",
    "version": "7.2.0",
    "vendor": "mixmark-io",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}