ReDoS Vulnerability in PyMdown Extensions for Python-Markdown
CVE-2025-68142

2.7 LOW

Key Information:

Vendor
CVE Published:
16 December 2025

What is CVE-2025-68142?

PyMdown Extensions is a set of extensions for the Python-Markdown project. Versions prior to 10.16.1 contain a regular expression denial of service (ReDoS) vulnerability in the figure caption extension (pymdownx.blocks.caption). Malicious user input can cause significant delays during processing and degrade performance, so systems that handle untrusted content may experience severe disruptions. The vulnerability can be mitigated by updating to version 10.16.1 or by avoiding the use of pymdownx.blocks.caption in environments that accept unprocessed user content. Additional safeguards should be in place to manage potentially excessive data input.
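
A deployment check for the mitigations described above, as an added example (not code from PyMdown Extensions or from this advisory): it flags an extension list that enables pymdownx.blocks.caption on a release below 10.16.1 and applies an input-size cap before rendering. The list shape (strings or one-key dicts, as in a MkDocs-style `markdown_extensions` setting), the function names and the 100,000-character cap are assumptions.

```python
import re
from importlib import metadata

FIXED = (10, 16, 1)                      # first patched release, per the advisory
CAPTION_EXT = "pymdownx.blocks.caption"  # affected extension, per the advisory
MAX_INPUT_CHARS = 100_000                # assumed cap; tune for your application

def is_affected(version: str) -> bool:
    """True if a pymdown-extensions version string is below 10.16.1."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version.strip())
    if not m:
        return True  # unparseable version: fail closed
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))
    # A pre-release of the fixed version (e.g. 10.16.1rc1) sorts before it.
    pre = re.match(r"[-_.]?(a|b|rc|dev)", m.group(2)) is not None
    return release < FIXED or (release == FIXED and pre)

def enabled_names(extensions) -> set:
    """Normalise an extension list whose items are strings or one-key dicts."""
    names = set()
    for ext in extensions:
        names.update(ext.keys() if isinstance(ext, dict) else [str(ext)])
    return names

def audit(extensions, version: str, handles_untrusted: bool) -> list:
    """Return findings for the caption extension on an affected release."""
    if not (CAPTION_EXT in enabled_names(extensions) and is_affected(version)):
        return []
    sev = "ACTION" if handles_untrusted else "INFO"
    return [f"{sev}: {CAPTION_EXT} enabled on pymdown-extensions {version}; "
            "upgrade to 10.16.1 or disable the extension"]

def within_limit(text: str) -> bool:
    """Input-size safeguard to apply before passing text to the renderer."""
    return len(text) <= MAX_INPUT_CHARS

def installed_version():
    try:
        return metadata.version("pymdown-extensions")
    except metadata.PackageNotFoundError:
        return None

if __name__ == "__main__":
    sample = ["toc", {CAPTION_EXT: {}}]  # constructed sample configuration
    version = installed_version()
    print(audit(sample, version, True) if version else "pymdown-extensions not installed")
```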

Affected Version(s)

pymdown-extensions < 10.16.1

CVSS V4

Score: 2.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
