Vulnerability in Vue.js CLI Affecting Markdown Code Handler
CVE-2025-5897

5.3MEDIUM

Key Information:

Vendor: Vuejs
Status: Vue-cli
Vendor: CVE Published:; 9 June 2025

What is CVE-2025-5897?

A significant vulnerability has been identified in the Vue.js CLI, specifically targeting the HtmlPwaPlugin function within the Markdown Code Handler. This flaw can lead to extensive computational overhead due to inefficient regular expression complexity. Attackers can exploit this vulnerability remotely, potentially causing service degradation or denial of service. It is crucial for users to update to the latest versions to mitigate risks associated with this issue.

Affected Version(s)

vue-cli 5.0.0

vue-cli 5.0.1

vue-cli 5.0.2

References

https://vuldb.com/?id.311669

vdb-entrytechnical-description

https://vuldb.com/?ctiid.311669

signaturepermissions-required

https://vuldb.com/?submit.585798

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Jun 9, 2025

Credit

mmmsssttt (VulDB User)

Vuejs

What is CVE-2025-5897?

Affected Version(s)

References

CVSS V4

Timeline

Credit