Skip to main content

Ubuntu CVE-2025-6493

| EUVDEUVD-2025-28740 MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2025-06-22 cna@vuldb.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 21:55 euvd
EUVD-2025-28740
Analysis Generated
Mar 15, 2026 - 21:55 vuln.today
CVE Published
Jun 22, 2025 - 22:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."

Analysis

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Vendor StatusVendor

Ubuntu

Priority: Medium
codemirror-js
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
plucky ignored end of life, was needs-triage
oracular ignored end of life, was needs-triage
questing needs-triage -

Debian

Bug #1108477
codemirror-js
Release Status Fixed Version Urgency
bullseye vulnerable 5.59.2+~cs0.23.109-1 -
bookworm vulnerable 5.65.0+~cs5.83.9-2 -
trixie vulnerable 5.65.0+~cs5.83.9-3 -
forky, sid vulnerable 5.65.20+~cs5.83.25-1 -
(unstable) fixed (unfixed) -

Share

CVE-2025-6493 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy