Which versions of HTACG are affected by CVE-2025-6498?

CVE-2025-6498 is a low-severity vulnerability in A vulnerability classified as problematic (CVSS 3.3).. A patch is available.

Is there a public PoC exploit available for CVE-2025-6498?

Yes, a public proof-of-concept exploit is available for CVE-2025-6498. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-6498?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

HTACG CVE-2025-6498

Q: What is the CVSS score of CVE-2025-6498?

CVE-2025-6498 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2025-18861 LOW

Memory Leak (CWE-401)

2025-06-23 cna@vuldb.com

Information Disclosure

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 22:10 euvd

EUVD-2025-18861

Analysis Generated

Mar 15, 2026 - 22:10 vuln.today

PoC Detected

Sep 30, 2025 - 18:21 vuln.today

Public exploit code

CVE Published

Jun 23, 2025 - 02:15 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Analysis

Vendor StatusVendor

Ubuntu

Priority: Medium

tidy-html5

Release	Status	Version
upstream	needs-triage	-
bionic	deferred	2026-03-11
focal	deferred	2026-03-11
jammy	deferred	2026-03-11
noble	deferred	2026-03-11
oracular	ignored	end of life, was deferred [2026-03-11]
questing	deferred	2026-03-11
plucky	ignored	end of life, was deferred [2026-03-11]

Debian

Bug #1108233

tidy-html5

Release	Status	Fixed Version	Urgency
bookworm, bullseye	vulnerable	2:5.6.0-11	-
trixie	vulnerable	2:5.8.0-2	-
forky, sid	vulnerable	2:5.8.0-2.1	-
(unstable)	fixed	(unfixed)	-

CVE-2025-6498 vulnerability details – vuln.today

Back

HTACG CVE-2025-6498

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code