Denial of Service Vulnerability in Microlight JavaScript Library
CVE-2025-45526

2.9LOW

Key Information:

Vendor: Asvd
Status: Microlight
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-45526?

The Microlight JavaScript library, utilized for syntax highlighting, has a vulnerability that allows an attacker to cause a denial of service. This occurs due to the library's failure to restrict the size of textual content processed in HTML elements with the microlight class. If an attacker tricks a user into visiting a malicious site with an excessively large content string (e.g., 100 million characters), the library's reset function will consume excessive CPU and memory resources, resulting in browser crashes or unresponsiveness. It is crucial for developers to address this vulnerability to prevent potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

microlight 0 <= 0.0.7

References

https://gist.github.com/Rootingg/483b09b760d031b62b172f21...

https://github.com/github/advisory-database/pull/5730

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Apr 22, 2025

JSON

Asvd

What is CVE-2025-45526?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.