Input Validation Issue in Mkdocs Markdown Includer Plugin by Mondeja
CVE-2025-59940

6.5MEDIUM

Key Information:

Vendor

Mondeja

Status
Mkdocs-include-markdown-plugin
Vendor
CVE Published:
29 September 2025

What is CVE-2025-59940?

The mkdocs-include-markdown-plugin is a popular tool for including Markdown content in Mkdocs documentation. In versions 7.1.7 and earlier, it suffers from an input validation vulnerability that can lead to collisions with substitution placeholders. This flaw potentially allows unvalidated input to be processed unnecessarily, leading to unexpected behavior. Users are strongly advised to upgrade to version 7.1.8 or later where this issue has been properly addressed.

Affected Version(s)

mkdocs-include-markdown-plugin < 7.1.8

References

https://github.com/mondeja/mkdocs-include-markdown-plugin...
x_refsource_CONFIRM
https://github.com/mondeja/mkdocs-include-markdown-plugin...
x_refsource_MISC
https://github.com/mondeja/mkdocs-include-markdown-plugin...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-59940 : Input Validation Issue in Mkdocs Markdown Includer Plugin by Mondeja