CVE-2025-5897

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions vuejs vue-cli versions up to 5.0.8

Description A vulnerability was found in the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

Recommendations For versions up to 5.0.8, consider updating to a version that contains a fix for this issue, as the current version is affected by inefficient regular expression complexity in the HtmlPwaPlugin function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-1333

Related Identifiers

CVE-2025-5897

GHSA-79VF-HF9F-J9Q8

Affected Products

Vue-Cli

CVE-2025-5897

Weakness Enumeration

Related Identifiers

Affected Products

References · 11