Home > Vulnerability Database > CVE-2018-25110

Mend.io Vulnerability Database

CVE-2018-25110

Good to know:

Date: May 23, 2025

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.

Severity Score

7.5

Related Resources (8)

Url: https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2018/CVE-2018-25110

Url: https://github.com/markedjs/marked

Url: https://github.com/markedjs/marked/pull/1083

Url: https://github.com/markedjs/marked/commit/20bfc106013ed45713a21672ad4a34df94dcd485

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-25110

Url: https://security-tracker.debian.org/tracker/CVE-2018-25110

Url: https://github.com/markedjs/marked/issues/1070

Url: https://www.mend.io/vulnerability-database/CVE-2018-25110

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version marked - 0.3.17;marked - 0.3.17;https://github.com/markedjs/marked.git - v0.3.17

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2018-25110

Good to know:

Date: May 23, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?