CVE-2025-6493: Uncontrolled Resource Consumption in CodeMirror

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 75.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 22
Latest update: Jun 23

Description

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issu

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: codemirror/codemirror (21 versions, +20)

🔴 Vulnerability Details (3)

GHSA
GHSA-pff4-9qxc-79mq: A vulnerability was found in CodeMirror up to 5 (2025-06-23)
OSV
CVE-2025-6493: A weakness has been identified in CodeMirror up to 5 (2025-06-22)
CVEList
CodeMirror Markdown Mode markdown.js redos (2025-06-22)

📋 Vendor Advisories (2)

Red Hat
codemirror: CodeMirror Markdown Regex Complexity Vulnerability (2025-06-22)
Debian
CVE-2025-6493: codemirror-js - A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unkno... (2025)
CVE-2025-6493 — Uncontrolled Resource Consumption | cvebase