A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
https://github.com/marktext/marktext/pull/3952 cve-icon cve-icon
https://github.com/mmmsssttt404/marktext/blob/c59b3ad423dfa082869933baf9f5d5c69bdcc560/test/unit/specs/match-electron-accelerator.spec.js#L155-L164 cve-icon cve-icon
https://vuldb.com/?ctiid.313609 cve-icon cve-icon
https://vuldb.com/?id.313609 cve-icon cve-icon
https://vuldb.com/?submit.598208 cve-icon cve-icon
History

Mon, 23 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 22 Jun 2025 20:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title MarkText index.js getRecommendTitleFromMarkdownString redos
Weaknesses CWE-1333
CWE-400
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-06-22T20:00:14.265Z

Updated: 2025-06-23T16:33:52.463Z

Reserved: 2025-06-22T06:05:35.463Z

Link: CVE-2025-6492

cve-icon Vulnrichment

Updated: 2025-06-23T16:33:48.859Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-22T20:15:19.803

Modified: 2025-06-23T20:16:21.633

Link: CVE-2025-6492

cve-icon Redhat

No data.