CVE-2025-66400

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions mdast-util-to-hast versions 13.0.0 through 13.2.0

Description mdast-util-to-hast, a utility used to transform markdown to HTML, has an issue where multiple, unprefixed classnames could be added to markdown source using character references. This could cause user-supplied markdown code elements to visually blend with the rest of the page.

Recommendations Update to version 13.2.1 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-915

Related Identifiers

CVE-2025-66400

GHSA-4FH9-H7WG-Q85M

Affected Products

Mdast-Util-To-Hast

CVE-2025-66400

Weakness Enumeration

Related Identifiers

Affected Products

References · 14