A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
https://github.com/vuejs/vue-cli/pull/7478 cve-icon cve-icon cve-icon
https://vuldb.com/?ctiid.311669 cve-icon cve-icon
https://vuldb.com/?id.311669 cve-icon cve-icon
https://vuldb.com/?submit.585798 cve-icon cve-icon
History

Tue, 10 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Jun 2025 21:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.
Title vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
Weaknesses CWE-1333
CWE-400
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:TF/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:T/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:T/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X'}
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-06-09T21:00:17.023Z

Updated: 2025-06-10T15:29:58.751Z

Reserved: 2025-06-09T07:02:15.578Z

Link: CVE-2025-5897

cve-icon Vulnrichment

Updated: 2025-06-10T14:22:19.901Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-09T21:15:47.707

Modified: 2025-06-12T16:06:47.857

Link: CVE-2025-5897

cve-icon Redhat

No data.