CVE-2025-66400

EUVD-2025-200113 | MEDIUM 5.3 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None

Lifecycle Timeline

4 events

EUVD ID Assigned: Mar 15, 2026 - 13:34 (euvd), EUVD-2025-200113
Analysis Generated: Mar 15, 2026 - 13:34 (vuln.today)
Patch Released: Mar 15, 2026 - 13:34 (nvd), Patch available
CVE Published: Dec 01, 2025 - 23:15 (nvd), MEDIUM 5.3

Description

mdast-util-to-hast is a utility that transforms mdast (a markdown syntax tree) to hast (an HTML syntax tree). In versions from 13.0.0 up to, but not including, 13.2.1, multiple (unprefixed) class names could be added in markdown source by using character references. This could make rendered user-supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

Technical Context

This vulnerability is classified as Improper Input Validation (CWE-20).

Affected Products

Affected products: Unifiedjs Mdast-Util-To-Hast

Remediation

A vendor patch is available. Apply it as soon as possible and verify the fix.
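
One way to carry out the "verify the fix" step, as an added example (not code from the advisory or from the mdast-util-to-hast project): a Node.js check that reports every copy of the package in an npm lockfile whose version falls in the affected range stated above. The lockfile contents and dependency names are constructed sample data, and only the `packages` map of lockfile v2/v3 is handled.

```javascript
// Added example: find mdast-util-to-hast copies in the affected range
// (>= 13.0.0 and < 13.2.1, per the advisory) in a parsed package-lock.json.
const PKG = "mdast-util-to-hast";
const AFFECTED_FROM = [13, 0, 0]; // first affected release
const FIXED_IN = [13, 2, 1];      // first fixed release

// "13.2.0" -> { core: [13, 2, 0], pre: false }; null if not a semver string.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Numeric comparison, so 13.10.0 sorts after 13.2.1 (a string compare would not).
function compareCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true = affected, false = not affected, null = version could not be parsed.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  if (compareCore(p.core, AFFECTED_FROM) < 0) return false;
  const c = compareCore(p.core, FIXED_IN);
  // Assumption: a pre-release of the fixed version is flagged conservatively.
  return c < 0 || (c === 0 && p.pre);
}

// Walk the lockfile "packages" map; nested (transitive) copies are included.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + PKG)) continue;
    const verdict = isAffected(meta.version);
    if (verdict !== false) hits.push({ path, version: meta.version, status: verdict ? "affected" : "unknown" });
  }
  return hits;
}

// Constructed sample lockfile; dependency names are hypothetical.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/mdast-util-to-hast": { version: "13.2.1" },
  "node_modules/some-renderer/node_modules/mdast-util-to-hast": { version: "13.1.0" },
  "node_modules/legacy-renderer/node_modules/mdast-util-to-hast": { version: "12.3.0" },
} };
console.log(findAffected(sampleLock));
```

A top-level dependency on 13.2.1 does not rule out an older nested copy pulled in by another package, which is why the check walks every lockfile entry.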

Priority Score

27

KEV: 0
EPSS: +0.1
CVSS: +26
POC: 0
