PT-2025-5844 · Nuxt.Js · @Nuxtjs/Mdc

Lirantal · Published 2025-02-06 · Updated 2025-02-20 · CVE-2025-24981

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions: @nuxtjs/mdc versions prior to 0.13.3
Description: The issue arises from unsafe parsing of URLs in markdown, which can lead to arbitrary JavaScript code execution because the existing guards around the javascript: protocol scheme can be bypassed. The parsing logic uses a deny-list approach, filtering potentially malicious payloads by matching protocol schemes such as javascript: and others. However, an adversary can bypass these guards by supplying JavaScript URLs whose characters are encoded as hexadecimal HTML entities. Applications that use this library to parse markdown from unvalidated sources could render anchor links that are vulnerable to XSS.
Recommendations: To resolve the issue, upgrade to version 0.13.3. As a temporary workaround, consider restricting the use of the parseMarkdown function from @nuxtjs/mdc/runtime until a patch is applied, and avoid using unvalidated sources for markdown parsing. Additionally, restrict access to the props.ts module to minimize the risk of exploitation.
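
The weakness class described above, shown as an added example that is not code from @nuxtjs/mdc or from the advisory: a deny-list matched against the raw href next to a check that decodes HTML entities first and then applies a scheme allow-list. The function names, the allowed schemes and the sample hrefs are assumptions made for illustration.

```javascript
// Added example; hypothetical names, not the @nuxtjs/mdc implementation.
const NAMED = { colon: ':', tab: '\t', newline: '\n' };

// Decode numeric (hex or decimal) and a few named character references once,
// the way an HTML parser does before the href value is used.
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));?/gi, (m, hex, dec, name) => {
    if (name) return NAMED[name.toLowerCase()] ?? m;
    const cp = parseInt(hex ?? dec, hex ? 16 : 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : '\ufffd';
  });
}

// Weak pattern: deny-list matched against the raw, still-encoded string.
function denyListAllows(href) {
  return !/^\s*(javascript|vbscript|data):/i.test(href);
}

// Hardened pattern: decode, strip control characters and whitespace
// (URL parsers drop tabs and newlines), then allow-list the scheme.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);
function isSafeHref(href) {
  const decoded = decodeEntities(String(href)).replace(/[\u0000-\u0020]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(decoded);
  if (!m) return true; // no scheme: relative path, query or fragment
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Constructed sample hrefs (not taken from the advisory).
const SAMPLES = [
  'https://example.com/docs',
  '/guide#install',
  'javascript:void(0)',
  '&#x6a;avascript:void(0)',   // hex entity for "j"
  'java&#x09;script:void(0)',  // hex entity for a tab inside the scheme
];

// Run both checks over the samples so the disagreement is visible per href.
function compare(samples = SAMPLES) {
  return samples.map((href) => ({
    href,
    denyListAllows: denyListAllows(href),
    allowListAllows: isSafeHref(href),
  }));
}

console.table(compare());
```

Rows where `denyListAllows` is true and `allowListAllows` is false are the encoded hrefs that a raw-string deny-list lets through.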

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-24981
GHSA-J82M-PC2V-2484

Affected Products

@Nuxtjs/Mdc