PT-2025-36518 · Cattown · Cattown
Ieaturanium238 · Published 2025-09-08 · Updated 2025-09-09 · CVE-2025-58451
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Cattown versions prior to 1.0.2
Description:
Cattown is a JavaScript markdown parser that is susceptible to denial of service. The parser uses regular expressions with inefficient complexity, which can lead to exponential worst-case backtracking. Processing crafted input can cause excessive CPU usage and, in turn, resource exhaustion.
Recommendations:
Update to version 1.0.2 or later.
Review and restrict input sources if untrusted inputs are processed.
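A review aid for the regex weakness described above, added here as an example and not taken from Cattown or its fix: a heuristic that flags patterns in which one unbounded quantifier is nested inside another. The function names and the sample patterns are assumptions constructed for illustration.

```javascript
// Added example, not Cattown code. Star-height heuristic: report how deeply
// unbounded quantifiers (*, +, {n,}) nest in a regex source. A value of 2 or
// more, e.g. (x+)+, is the classic shape behind exponential backtracking.
// Heuristic only: it misses overlapping alternations such as (a|a)* and can
// flag nested patterns that are unambiguous and therefore safe.
function starHeight(source) {
  const groups = [0];      // per open group: deepest quantifier nesting inside it
  let worst = 0;
  let atomDepth = 0;       // nesting carried by the atom just before the cursor
  let inClass = false;
  for (let i = 0; i < source.length; i++) {
    const c = source[i];
    if (c === '\\') { i++; atomDepth = 0; continue; }       // escaped char: one atom
    if (inClass) { if (c === ']') inClass = false; continue; }
    if (c === '[') { inClass = true; atomDepth = 0; continue; }
    if (c === '(') {
      groups.push(0);
      if (source[i + 1] === '?') i++;                       // skip (?: (?= (?! (?< marker
      continue;
    }
    if (c === ')') {
      const inner = groups.length > 1 ? groups.pop() : 0;
      const top = groups.length - 1;
      groups[top] = Math.max(groups[top], inner);
      atomDepth = inner;                                    // a group is itself an atom
      continue;
    }
    const brace = c === '{' ? /^\{\d+(,\d*)?\}/.exec(source.slice(i)) : null;
    if (brace) i += brace[0].length - 1;                    // consume {n}, {n,m}, {n,}
    if (c === '*' || c === '+' || (brace && brace[0].endsWith(',}'))) {
      const depth = atomDepth + 1;
      const top = groups.length - 1;
      groups[top] = Math.max(groups[top], depth);
      worst = Math.max(worst, depth);
    }
    atomDepth = 0;
  }
  return worst;
}

// Return the sources of patterns whose star height reaches the threshold.
function auditPatterns(patterns, threshold = 2) {
  return patterns.map((re) => re.source).filter((s) => starHeight(s) >= threshold);
}

// Constructed sample patterns in the style of a markdown parser.
const samplePatterns = [/^#{1,6}\s+(.*)$/, /^(\*+\s*)+$/, /\[([^\]]+)\]\(([^)]+)\)/];
console.log(auditPatterns(samplePatterns));
```

Patterns it reports are candidates for manual review or rewriting, not confirmed defects.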
Exploit
Fix
DoS
Resource Exhaustion
Affected Products
Cattown