CVE-2025-6497

Name of the Vulnerable Software and Affected Versions: HTACG tidy-html5 version 5.8.0

Description: A vulnerability was found in HTACG tidy-html5, affecting the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to a reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Recommendations: For HTACG tidy-html5 version 5.8.0, as a temporary workaround, consider disabling the prvTidyParseNamespace function until a patch is available. Restrict access to the src/parser.c file to minimize the risk of exploitation. Avoid using the affected function in local attacks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.