cvelistv5 - CVE-2025-6493

CVE-2025-6493 (GCVE-0-2025-6493)

Vulnerability from cvelistv5 – Published: 2025-06-22 22:00 – Updated: 2025-09-29 13:48

Title

CodeMirror Markdown Mode markdown.js redos

Summary

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-1333 - Inefficient Regular Expression Complexity
CWE-400 - Resource Consumption

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.313610	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.313610	signaturepermissions-required
	https://vuldb.com/?submit.598875	third-party-advisory
	https://github.com/codemirror/codemirror5/issues/7128	exploitissue-tracking

Impacted products

	Vendor	Product	Version
	n/a	CodeMirror	Affected: 5.65.0 Affected: 5.65.1 Affected: 5.65.2 Affected: 5.65.3 Affected: 5.65.4 Affected: 5.65.5 Affected: 5.65.6 Affected: 5.65.7 Affected: 5.65.8 Affected: 5.65.9 Affected: 5.65.10 Affected: 5.65.11 Affected: 5.65.12 Affected: 5.65.13 Affected: 5.65.14 Affected: 5.65.15 Affected: 5.65.16 Affected: 5.65.17 Affected: 5.65.18 Affected: 5.65.19 Affected: 5.65.20 Unaffected: 6.0

Credits

DayShift (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6493",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T15:43:06.172562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T16:15:08.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Markdown Mode"
          ],
          "product": "CodeMirror",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.65.0"
            },
            {
              "status": "affected",
              "version": "5.65.1"
            },
            {
              "status": "affected",
              "version": "5.65.2"
            },
            {
              "status": "affected",
              "version": "5.65.3"
            },
            {
              "status": "affected",
              "version": "5.65.4"
            },
            {
              "status": "affected",
              "version": "5.65.5"
            },
            {
              "status": "affected",
              "version": "5.65.6"
            },
            {
              "status": "affected",
              "version": "5.65.7"
            },
            {
              "status": "affected",
              "version": "5.65.8"
            },
            {
              "status": "affected",
              "version": "5.65.9"
            },
            {
              "status": "affected",
              "version": "5.65.10"
            },
            {
              "status": "affected",
              "version": "5.65.11"
            },
            {
              "status": "affected",
              "version": "5.65.12"
            },
            {
              "status": "affected",
              "version": "5.65.13"
            },
            {
              "status": "affected",
              "version": "5.65.14"
            },
            {
              "status": "affected",
              "version": "5.65.15"
            },
            {
              "status": "affected",
              "version": "5.65.16"
            },
            {
              "status": "affected",
              "version": "5.65.17"
            },
            {
              "status": "affected",
              "version": "5.65.18"
            },
            {
              "status": "affected",
              "version": "5.65.19"
            },
            {
              "status": "affected",
              "version": "5.65.20"
            },
            {
              "status": "unaffected",
              "version": "6.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "DayShift (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that \"CodeMirror 6 exists, and is [...] much more actively maintained.\""
        },
        {
          "lang": "de",
          "value": "In CodeMirror up to 5.65.20 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei mode/markdown/markdown.js der Komponente Markdown Mode. Durch Beeinflussen mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Das Problem kann durch ein Upgrade auf Version 6.0 adressiert werden. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T13:48:37.784Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-313610 | CodeMirror Markdown Mode markdown.js redos",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.313610"
        },
        {
          "name": "VDB-313610 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.313610"
        },
        {
          "name": "Submit #598875 | codemirror codemirror5 \u003c=5.17.0 Inefficient Regular Expression Complexity",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.598875"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/codemirror/codemirror5/issues/7128"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-06-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-29T15:53:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "CodeMirror Markdown Mode markdown.js redos"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-6493",
    "datePublished": "2025-06-22T22:00:10.483Z",
    "dateReserved": "2025-06-22T06:17:29.313Z",
    "dateUpdated": "2025-09-29T13:48:37.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-6493\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-06-22T22:15:22.430\",\"lastModified\":\"2025-09-29T14:16:45.380\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that \\\"CodeMirror 6 exists, and is [...] much more actively maintained.\\\"\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en CodeMirror hasta la versi\u00f3n 5.17.0 y se clasific\u00f3 como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo mode/markdown/markdown.js del componente Markdown Mode. La manipulaci\u00f3n genera una complejidad ineficiente en las expresiones regulares. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. No se pueden encontrar todos los ejemplos de c\u00f3digo mencionados en el problema de GitHub. El repositorio menciona que \u00abCodeMirror 6 existe y se mantiene de forma mucho m\u00e1s activa\u00bb.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://github.com/codemirror/codemirror5/issues/7128\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.313610\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.313610\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.598875\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6493\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-23T15:43:06.172562Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-23T15:43:15.272Z\"}}], \"cna\": {\"title\": \"CodeMirror Markdown Mode markdown.js redos\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"DayShift (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"Markdown Mode\"], \"product\": \"CodeMirror\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.65.0\"}, {\"status\": \"affected\", \"version\": \"5.65.1\"}, {\"status\": \"affected\", \"version\": \"5.65.2\"}, {\"status\": \"affected\", \"version\": \"5.65.3\"}, {\"status\": \"affected\", \"version\": \"5.65.4\"}, {\"status\": \"affected\", \"version\": \"5.65.5\"}, {\"status\": \"affected\", \"version\": \"5.65.6\"}, {\"status\": \"affected\", \"version\": \"5.65.7\"}, {\"status\": \"affected\", \"version\": \"5.65.8\"}, {\"status\": \"affected\", \"version\": \"5.65.9\"}, {\"status\": \"affected\", \"version\": \"5.65.10\"}, {\"status\": \"affected\", \"version\": \"5.65.11\"}, {\"status\": \"affected\", \"version\": \"5.65.12\"}, {\"status\": \"affected\", \"version\": \"5.65.13\"}, {\"status\": \"affected\", \"version\": \"5.65.14\"}, {\"status\": \"affected\", \"version\": \"5.65.15\"}, {\"status\": \"affected\", \"version\": \"5.65.16\"}, {\"status\": \"affected\", \"version\": \"5.65.17\"}, {\"status\": \"affected\", \"version\": \"5.65.18\"}, {\"status\": \"affected\", \"version\": \"5.65.19\"}, {\"status\": \"affected\", \"version\": \"5.65.20\"}, {\"status\": \"unaffected\", \"version\": \"6.0\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-22T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-06-22T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-09-29T15:53:16.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.313610\", \"name\": \"VDB-313610 | CodeMirror Markdown Mode markdown.js redos\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.313610\", \"name\": \"VDB-313610 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.598875\", \"name\": \"Submit #598875 | codemirror codemirror5 \u003c=5.17.0 Inefficient Regular Expression Complexity\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/codemirror/codemirror5/issues/7128\", \"tags\": [\"exploit\", \"issue-tracking\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that \\\"CodeMirror 6 exists, and is [...] much more actively maintained.\\\"\"}, {\"lang\": \"de\", \"value\": \"In CodeMirror up to 5.65.20 wurde eine Schwachstelle gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei mode/markdown/markdown.js der Komponente Markdown Mode. Durch Beeinflussen mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \\u00fcber das Netzwerk erfolgen. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung. Das Problem kann durch ein Upgrade auf Version 6.0 adressiert werden. Als bestm\\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"Inefficient Regular Expression Complexity\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-09-29T13:48:37.784Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-6493\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-29T13:48:37.784Z\", \"dateReserved\": \"2025-06-22T06:17:29.313Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-06-22T22:00:10.483Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-PFF4-9QXC-79MQ

Vulnerability from github – Published: 2025-06-23 00:30 – Updated: 2025-06-23 00:30

Details

A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.5 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-6493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-22T22:15:22Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that \"CodeMirror 6 exists, and is [...] much more actively maintained.\"",
  "id": "GHSA-pff4-9qxc-79mq",
  "modified": "2025-06-23T00:30:19Z",
  "published": "2025-06-23T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6493"
    },
    {
      "type": "WEB",
      "url": "https://github.com/codemirror/codemirror5/issues/7128"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.313610"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.313610"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.598875"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CERTFR-2025-AVI-1131

Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Db2 Warehouse	Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.0
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 versions antérieures à 7.5.0 UP14 IF03
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.0.x antérieures à 6.3.0.16
IBM	QRadar	QRadar Suite Software versions 1.11.x antérieures à 1.11.8.0
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.4.0.x antérieures à 6.4.0.5
IBM	Sterling Partner Engagement Manager Standard Edition	Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.5
IBM	Sterling Partner Engagement Manager Standard Edition	Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à 5.3.0
IBM	Cognos Dashboards	Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.3
IBM	Db2	Db2 Intelligence Center versions 1.1.x antérieures à 1.1.3.0
IBM	Sterling Partner Engagement Manager Essentials Edition	Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2
IBM	Sterling Partner Engagement Manager Essentials Edition	Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7252732	2025-12-15	vendor-advisory
Bulletin de sécurité IBM 7254815	2025-12-15	vendor-advisory
Bulletin de sécurité IBM 7255060	2025-12-17	vendor-advisory
Bulletin de sécurité IBM 7255154	2025-12-17	vendor-advisory
Bulletin de sécurité IBM 7255095	2025-12-17	vendor-advisory
Bulletin de sécurité IBM 7254849	2025-12-16	vendor-advisory
Bulletin de sécurité IBM 7254850	2025-12-16	vendor-advisory
Bulletin de sécurité IBM 7255160	2025-12-17	vendor-advisory
Bulletin de sécurité IBM 7255065	2025-12-17	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.0",
      "product": {
        "name": "Db2 Warehouse",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 versions ant\u00e9rieures \u00e0 7.5.0 UP14 IF03",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.16",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions 1.11.x ant\u00e9rieures \u00e0 1.11.8.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.5",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.5 ",
      "product": {
        "name": "Sterling Partner Engagement Manager Standard Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5 ",
      "product": {
        "name": "Sterling Partner Engagement Manager Standard Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.0",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.3",
      "product": {
        "name": "Cognos Dashboards",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Intelligence Center versions 1.1.x ant\u00e9rieures \u00e0 1.1.3.0",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
      "product": {
        "name": "Sterling Partner Engagement Manager Essentials Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
      "product": {
        "name": "Sterling Partner Engagement Manager Essentials Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    },
    {
      "name": "CVE-2025-2534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2024-38286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
    },
    {
      "name": "CVE-2025-8941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
    },
    {
      "name": "CVE-2021-26272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26272"
    },
    {
      "name": "CVE-2025-41234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
    },
    {
      "name": "CVE-2025-39761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39761"
    },
    {
      "name": "CVE-2024-49350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49350"
    },
    {
      "name": "CVE-2025-39883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
    },
    {
      "name": "CVE-2025-36131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2025-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
    },
    {
      "name": "CVE-2024-47118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
    },
    {
      "name": "CVE-2021-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2021-47621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47621"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-61912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61912"
    },
    {
      "name": "CVE-2022-21305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
    },
    {
      "name": "CVE-2025-55198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55198"
    },
    {
      "name": "CVE-2025-5372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2022-25927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2025-1992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1992"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2025-36136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
    },
    {
      "name": "CVE-2025-38724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
    },
    {
      "name": "CVE-2020-9493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
    },
    {
      "name": "CVE-2025-36008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36008"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2025-39718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39718"
    },
    {
      "name": "CVE-2025-59375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
    },
    {
      "name": "CVE-2023-34055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34055"
    },
    {
      "name": "CVE-2025-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
    },
    {
      "name": "CVE-2025-55182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
    },
    {
      "name": "CVE-2025-38079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
    },
    {
      "name": "CVE-2025-6493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-33012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
    },
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2025-5187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-41235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41235"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2023-53539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53539"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2025-39955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2025-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2518"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2022-21365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
    },
    {
      "name": "CVE-2025-32989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
    },
    {
      "name": "CVE-2024-38827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38827"
    },
    {
      "name": "CVE-2025-38292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38292"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-55199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55199"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2025-59250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
    },
    {
      "name": "CVE-2025-1493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1493"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2025-3050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3050"
    },
    {
      "name": "CVE-2022-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
    },
    {
      "name": "CVE-2025-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
    },
    {
      "name": "CVE-2021-26271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26271"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2024-38821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38821"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-39825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39825"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2024-34750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
    },
    {
      "name": "CVE-2022-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
    },
    {
      "name": "CVE-2023-53401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53401"
    },
    {
      "name": "CVE-2025-47913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2025-24294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
    },
    {
      "name": "CVE-2025-0915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0915"
    },
    {
      "name": "CVE-2022-21340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
    },
    {
      "name": "CVE-2022-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
    },
    {
      "name": "CVE-2025-38351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38351"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2024-52903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52903"
    },
    {
      "name": "CVE-2022-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
    },
    {
      "name": "CVE-2022-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
    },
    {
      "name": "CVE-2025-32415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
    },
    {
      "name": "CVE-2025-46653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2021-28861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
    },
    {
      "name": "CVE-2022-21248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
    },
    {
      "name": "CVE-2018-14721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2025-2900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
    },
    {
      "name": "CVE-2025-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
    },
    {
      "name": "CVE-2020-9281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9281"
    },
    {
      "name": "CVE-2024-50301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2025-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1000"
    },
    {
      "name": "CVE-2022-3697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3697"
    },
    {
      "name": "CVE-2025-8058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
    },
    {
      "name": "CVE-2023-53513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53513"
    },
    {
      "name": "CVE-2025-33134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
    },
    {
      "name": "CVE-2024-50379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
    },
    {
      "name": "CVE-2025-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
    },
    {
      "name": "CVE-2023-39804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39804"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2025-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2022-50543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50543"
    },
    {
      "name": "CVE-2025-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2022-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
    },
    {
      "name": "CVE-2025-61911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61911"
    },
    {
      "name": "CVE-2022-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
    },
    {
      "name": "CVE-2025-14687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14687"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2025-47287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
    },
    {
      "name": "CVE-2024-49761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2025-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-12-19T00:00:00",
  "last_revision_date": "2025-12-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1131",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-12-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252732",
      "url": "https://www.ibm.com/support/pages/node/7252732"
    },
    {
      "published_at": "2025-12-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7254815",
      "url": "https://www.ibm.com/support/pages/node/7254815"
    },
    {
      "published_at": "2025-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255060",
      "url": "https://www.ibm.com/support/pages/node/7255060"
    },
    {
      "published_at": "2025-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255154",
      "url": "https://www.ibm.com/support/pages/node/7255154"
    },
    {
      "published_at": "2025-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255095",
      "url": "https://www.ibm.com/support/pages/node/7255095"
    },
    {
      "published_at": "2025-12-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7254849",
      "url": "https://www.ibm.com/support/pages/node/7254849"
    },
    {
      "published_at": "2025-12-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7254850",
      "url": "https://www.ibm.com/support/pages/node/7254850"
    },
    {
      "published_at": "2025-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255160",
      "url": "https://www.ibm.com/support/pages/node/7255160"
    },
    {
      "published_at": "2025-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255065",
      "url": "https://www.ibm.com/support/pages/node/7255065"
    }
  ]
}

FKIE_CVE-2025-6493

Vulnerability from fkie_nvd - Published: 2025-06-22 22:15 - Updated: 2025-09-29 14:16

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	cna@vuldb.com	https://github.com/codemirror/codemirror5/issues/7128
	cna@vuldb.com	https://vuldb.com/?ctiid.313610
	cna@vuldb.com	https://vuldb.com/?id.313610
	cna@vuldb.com	https://vuldb.com/?submit.598875

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that \"CodeMirror 6 exists, and is [...] much more actively maintained.\""
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad en CodeMirror hasta la versi\u00f3n 5.17.0 y se clasific\u00f3 como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo mode/markdown/markdown.js del componente Markdown Mode. La manipulaci\u00f3n genera una complejidad ineficiente en las expresiones regulares. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. No se pueden encontrar todos los ejemplos de c\u00f3digo mencionados en el problema de GitHub. El repositorio menciona que \u00abCodeMirror 6 existe y se mantiene de forma mucho m\u00e1s activa\u00bb."
    }
  ],
  "id": "CVE-2025-6493",
  "lastModified": "2025-09-29T14:16:45.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-22T22:15:22.430",
  "references": [
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/codemirror/codemirror5/issues/7128"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?ctiid.313610"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?id.313610"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.598875"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        },
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-6493 (GCVE-0-2025-6493)

GHSA-PFF4-9QXC-79MQ

CERTFR-2025-AVI-1131

Solutions

FKIE_CVE-2025-6493

Tags

Sightings

Nomenclature