Inefficient Regular Expression Complexity Vulnerability in CodeMirror Markdown Mode
CVE-2025-6493
Key Information:
- Vendor
CodeMirror
- Status
- Vendor
- CVE Published:
- 22 June 2025
Badges
What is CVE-2025-6493?
A known vulnerability exists in the Markdown Mode of CodeMirror versions up to 5.17.0, characterized by inefficient regular expression complexity. This issue could result in performance degradation and allows for potential remote exploitation. Although specific code samples and exploits have been disclosed publicly, it's essential for users to be aware that CodeMirror 6 offers an enhanced and actively maintained alternative for mitigating this vulnerability.
Affected Version(s)
CodeMirror 5.0
CodeMirror 5.1
CodeMirror 5.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved