Denial of Service Vulnerability in Microlight JavaScript Library
CVE-2025-45526

2.9 LOW

Key Information:

Vendor: Asvd

CVE Published: 17 June 2025

What is CVE-2025-45526?

The Microlight JavaScript library, used for syntax highlighting, has a vulnerability that allows an attacker to cause a denial of service. The library does not restrict the size of the text content it processes in HTML elements with the microlight class. If an attacker tricks a user into visiting a malicious site containing an excessively large content string (e.g., 100 million characters), the library's reset function consumes excessive CPU and memory, and the browser crashes or becomes unresponsive. Developers should address this vulnerability to prevent potential exploitation.
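An added example, not part of the advisory or the microlight project: one way a page that renders untrusted text can enforce the missing size limit itself, by dropping the microlight class from oversized elements before the library's reset function processes them. The 50,000-character cap, the function names and the Node stand-in element are assumptions made for illustration.

```javascript
// Assumed budget for highlightable text; not a value from the advisory.
const MAX_HIGHLIGHT_CHARS = 50000;

// Strip the highlight class from any element whose text exceeds the cap,
// so the highlighter never tokenizes it. Returns the excluded elements
// so the caller can log them or render them as plain text.
function guardHighlightTargets(elements, className = 'microlight',
                               maxChars = MAX_HIGHLIGHT_CHARS) {
  const skipped = [];
  for (const el of elements) {
    const length = (el.textContent || '').length;
    if (length > maxChars) {
      el.classList.remove(className);
      skipped.push(el);
    }
  }
  return skipped;
}

// Constructed stand-in for a DOM element so the example also runs under Node.
function fakeElement(text, classes) {
  const set = new Set(classes);
  return {
    textContent: text,
    classList: {
      remove: (c) => set.delete(c),
      contains: (c) => set.has(c),
    },
  };
}

// Constructed sample: one ordinary snippet and one oversized block.
function demo() {
  const small = fakeElement('var x = 1;', ['microlight']);
  const huge = fakeElement('a'.repeat(MAX_HIGHLIGHT_CHARS + 1), ['microlight']);
  const skipped = guardHighlightTargets([small, huge]);
  return { small, huge, skipped };
}

// Browser wiring (assumed): the guard has to run before the library
// scans the page, then highlighting is triggered on what remains.
if (typeof document !== 'undefined' && typeof microlight !== 'undefined') {
  guardHighlightTargets(document.querySelectorAll('.microlight'));
  microlight.reset();
}
```

Elements that lose the class stay on the page as unhighlighted text; only the expensive highlighting pass is skipped for them.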

Affected Version(s)

microlight: 0 through 0.0.7 (<= 0.0.7)

CVSS V3.1

Score: 2.9
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
