PT-2025-26570 · Unknown+1 · Codemirror+1
Dayshift
·
Published
2025-06-22
·
Updated
2025-06-24
·
CVE-2025-6493
CVSS v4.0
5.5
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
CodeMirror versions up to 5.17.0
Description:
A vulnerability was found in the Markdown Mode component, specifically in the file mode/markdown/markdown.js, leading to inefficient regular expression complexity. This issue can be exploited remotely. The problem is related to some unknown functionality of the component. It is noted that CodeMirror 6 is more actively maintained, implying that the vulnerable version may be outdated.
Recommendations:
For CodeMirror versions up to 5.17.0, consider updating to a newer version, as CodeMirror 6 is mentioned to be more actively maintained, which may include fixes for the issue. As a temporary workaround, consider restricting the use of the Markdown Mode component until a patch is available.
Exploit
Fix
Resource Exhaustion
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Codemirror
Debian