Sensitive Data Exposure in Docusaurus Plugin by webbertakken
CVE-2025-53624
What is CVE-2025-53624?
The Docusaurus gists plugin (docusaurus-plugin-content-gists) can expose GitHub Personal Access Tokens in production build artifacts. The token is intended only for build-time API access, but when it is supplied through the plugin configuration it is serialized into the client-side JavaScript bundles. As a result, anyone with access to the website's source code, including the published client-side bundles, can retrieve the token. To mitigate this issue, upgrade to version 4.0.0 or later, which addresses the vulnerability.

Affected Version(s)
docusaurus-plugin-content-gists < 4.0.0
EPSS Score
6% chance of being exploited in the next 30 days.
