Skip to main content

HTACG CVE-2025-6496

| EUVDEUVD-2025-18857 LOW
Improper Resource Shutdown or Release (CWE-404)
2025-06-23 cna@vuldb.com
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Ubuntu
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
CVSS changed
Apr 29, 2026 - 01:11 NVD
3.3 (LOW) 1.9 (LOW)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 22:10 euvd
EUVD-2025-18857
Analysis Generated
Mar 15, 2026 - 22:10 vuln.today
CVE Published
Jun 23, 2025 - 00:15 nvd
LOW 3.3

DescriptionCVE.org

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Analysis

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Vendor StatusVendor

Ubuntu

Priority: Medium
tidy-html5
Release Status Version
upstream needs-triage -
bionic deferred 2026-03-11
focal deferred 2026-03-11
jammy deferred 2026-03-11
noble deferred 2026-03-11
oracular ignored end of life, was deferred [2026-03-11]
plucky ignored end of life, was deferred [2026-03-11]
questing deferred 2026-03-11

Debian

Bug #1108235
tidy-html5
Release Status Fixed Version Urgency
bookworm, bullseye vulnerable 2:5.6.0-11 -
trixie vulnerable 2:5.8.0-2 -
forky, sid vulnerable 2:5.8.0-2.1 -
(unstable) fixed (unfixed) -

Share

CVE-2025-6496 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy