Home > Vulnerability Database > CVE-2025-6493

Mend.io Vulnerability Database

CVE-2025-6493

Good to know:

Date: June 22, 2025

A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained." - While the issue was reported up to version 5.17.0, the problematic patterns persisted in versions after that. In version 6.x, the issue has been resolved.

Severity Score

8.4

Related Resources (6)

Url: https://vuldb.com/?id.313610

Url: https://vuldb.com/?submit.598875

Url: https://vuldb.com/?ctiid.313610

Url: https://github.com/codemirror/codemirror5/issues/7128

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6493

Url: https://www.mend.io/vulnerability-database/CVE-2025-6493

Severity Score

8.4

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version https://github.com/codemirror/codemirror5.git - null

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6493

Good to know:

Date: June 22, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?