PT-2026-23450 · Unknown · Python-Markdown
Published: 2026-03-05 · Updated: 2026-05-19
CVE-2025-69534
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Python-Markdown versions prior to 3.8.1
Description
A flaw exists in Python-Markdown version 3.8 where improperly formed HTML-like sequences can trigger an unhandled AssertionError within the html.parser.HTMLParser during Markdown processing. Because Python-Markdown does not handle this exception, applications processing attacker-controlled Markdown may experience crashes. This can lead to a remote, unauthenticated Denial of Service in various systems, including web applications, documentation systems, and CI/CD pipelines that render untrusted Markdown. The issue may also result in Information Disclosure through uncaught exceptions.
Recommendations
Update to Python-Markdown version 3.8.1 or later.
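Until the upgrade is deployed, a service that renders untrusted Markdown can contain the failure at the call site. The following is an added example, not code from Python-Markdown or from this advisory: it checks a version string against the fixed release and wraps a renderer so that an exception neither ends the worker nor reaches the client. The names `safe_render`, `is_patched` and the logger name are assumptions; `render` is any callable such as `markdown.markdown`.

```python
import logging
import re
import uuid
from importlib import metadata

FIXED = (3, 8, 1)  # first fixed release named in the advisory
log = logging.getLogger("md_guard")  # hypothetical logger name


def parse_version(text):
    """Leading numeric release of a version string as a 3-tuple.
    Pre-release and post-release suffixes are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_patched(version_text):
    """True when the version is 3.8.1 or later."""
    return parse_version(version_text) >= FIXED


def installed_markdown_version():
    """Version of the 'Markdown' distribution, or None if it is absent."""
    try:
        return metadata.version("Markdown")
    except metadata.PackageNotFoundError:
        return None


def safe_render(source, render):
    """Render untrusted Markdown and return (ok, html_or_message).

    Any exception from the renderer, including the AssertionError the
    advisory describes, is logged server-side under a random reference.
    The caller receives only that reference, never the exception text
    or traceback.
    """
    try:
        return True, render(source)
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.exception("markdown render failed ref=%s len=%d", ref, len(source))
        return False, f"Could not render this document (ref {ref})."
```

Call `is_patched(installed_markdown_version())` in a startup or CI check after handling the `None` case, and pass `markdown.markdown` as `render` where untrusted input is processed.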
Exploit
Fix
DoS
Resource Exhaustion
Affected Products
Python-Markdown