PT-2025-25754 · Unknown · Microlight

Rooting +1 · Published 2025-06-17 · Updated 2025-06-26 · CVE-2025-45526

CVSS v3.1: 2.9 (Low)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions
microlight version 0.0.7

Description
A denial of service issue has been identified in the microlight JavaScript library. The library does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this by tricking a user into visiting a malicious web page containing a microlight element with large content.

Recommendations
For microlight version 0.0.7, consider disabling the library until a patch is available to prevent denial of service attacks. Restrict access to web pages that use the microlight library to minimize the risk of exploitation. Avoid using the microlight library for syntax highlighting until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
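
Added example (not from this advisory or the microlight project): a page-side guard that applies the size limit the description says the library lacks, by removing the microlight class from oversized elements before highlighting runs. The 20000-character budget, the microlight-skipped class and the fakeElement helper are assumptions chosen for illustration.

```javascript
// Added example: cap the text handed to microlight before it highlights.
// MAX_CHARS and the "microlight-skipped" class are assumptions chosen for
// illustration; neither comes from the advisory or the library.
const MAX_CHARS = 20000;

// Remove the "microlight" class from every element whose text is over budget,
// so a class-based lookup no longer selects it. Returns what was skipped.
function guardMicrolight(elements, maxChars = MAX_CHARS) {
  const skipped = [];
  // Copy first: a live HTMLCollection would shrink while classes are removed.
  for (const el of Array.from(elements)) {
    const length = (el.textContent || '').length;
    if (length > maxChars) {
      el.classList.remove('microlight');
      el.classList.add('microlight-skipped');
      skipped.push({ el, length });
    }
  }
  return skipped;
}

// Constructed stand-in for a DOM element, so the guard also runs under Node.
function fakeElement(text) {
  const classes = new Set(['microlight']);
  return {
    textContent: text,
    classList: {
      add: (c) => classes.add(c),
      remove: (c) => classes.delete(c),
      contains: (c) => classes.has(c),
    },
  };
}

if (typeof document !== 'undefined') {
  // Browser: run once the DOM is parsed (assumed to be before the library's
  // highlighting pass) and log what was left unhighlighted.
  document.addEventListener('DOMContentLoaded', () => {
    const skipped = guardMicrolight(document.getElementsByClassName('microlight'));
    skipped.forEach(({ length }) =>
      console.warn(`microlight skipped: ${length} chars > ${MAX_CHARS}`));
  });
} else {
  // Node: constructed sample input, one small snippet and one oversized blob.
  const sample = [fakeElement('var x = 1;'), fakeElement('A'.repeat(MAX_CHARS + 1))];
  console.log(guardMicrolight(sample).map((s) => s.length));
}
```

The guard only bounds content on pages you serve, such as user-submitted snippets rendered in microlight elements; it does nothing for a user who is sent to a page the attacker controls.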

Exploit

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-45526
GHSA-WGC6-9F6W-H8HX

Affected Products

Microlight