Resource Exhaustion Vulnerability in Cattown JavaScript Markdown Parser
CVE-2025-58451

8.7HIGH

Key Information:

Vendor: Ieaturanium238
Status: Cattown
Vendor: CVE Published:; 8 September 2025

🔔 Create Ieaturanium238 Vulnerability Alert

What is CVE-2025-58451?

The Cattown JavaScript markdown parser, versions prior to 1.0.2, is susceptible to a vulnerability that can lead to resource exhaustion. This issue arises from the use of regular expressions with inefficient, potentially exponential worst-case complexity. When processing specially crafted inputs, the parser may experience excessive CPU utilization due to extensive backtracking, ultimately resulting in denial of service. The recent patch in version 1.0.2 addresses this vulnerability. Users are advised to limit and monitor untrusted input sources to enhance security.

Affected Version(s)

Cattown < 1.0.2

References

https://github.com/IEatUranium238/Cattown/security/adviso...

x_refsource_CONFIRM

https://github.com/IEatUranium238/Cattown/commit/70c2a28f...

x_refsource_MISC

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2025
Vulnerability Reserved
Sep 1, 2025