CVE-2025-5897 MEDIUM

CVE-2025-5897: vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos

Vendor Vuejs
Product vue-cli
Weakness CWE-1333
Published June 9, 2025
Last update June 10, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

Key dates

02Disclosure timeline

June 9, 2025 CVE published
June 10, 2025 Record updated