Moderate severityNVD Advisory· Published Jun 9, 2025· Updated Jun 10, 2025
vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
CVE-2025-5897
Description
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@vue/cli-plugin-pwanpm | <= 5.0.8 | — |
Affected products
2Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-79vf-hf9f-j9q8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-5897ghsaADVISORY
- vuldb.comghsathird-party-advisoryWEB
- github.com/vuejs/vue-cli/pull/7478ghsaissue-trackingWEB
- vuldb.comghsasignaturepermissions-requiredWEB
- vuldb.comghsavdb-entrytechnical-descriptionWEB
News mentions
0No linked articles in our index yet.