CVE-2025-6496

Name of the Vulnerable Software and Affected Versions: HTACG tidy-html5 version 5.8.0

Description: A vulnerability was found in HTACG tidy-html5, affecting the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue is considered to have a low severity and could cause application instability or denial-of-service conditions during HTML parsing.

Recommendations: For HTACG tidy-html5 version 5.8.0, as a temporary workaround, consider disabling the InsertNodeAsParent function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the affected function in the HTML parsing process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.