Null Pointer Dereference Vulnerability in Microlight.js by Unknown Vendor
CVE-2025-45525

2.9LOW

Key Information:

Vendor: Asvd
Status: Microlight
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-45525?

A null pointer dereference vulnerability occurs in Microlight.js version 0.0.7, a lightweight syntax highlighting library. This issue arises when the library processes elements with non-standard CSS color values. It fails to validate the results of a regular expression match, which can lead to attempting to access properties on a null object. As a result, this bug could cause an uncaught TypeError, potentially crashing the application utilizing the library.

Affected Version(s)

microlight 0 <= 0.0.7

References

https://gist.github.com/Rootingg/843368931f70886bed3cf982...

https://github.com/github/advisory-database/pull/5730

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Apr 22, 2025

JSON

Asvd

What is CVE-2025-45525?

Affected Version(s)

References

CVSS V3.1

Timeline