CVE-2025-6493

Public on 2025-06-22
Modified on 2025-06-24
Description
A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Firefox Extra firefox Not Affected
Amazon Linux 2023 firefox Not Affected
Amazon Linux 2 - Core gjs Not Affected
Amazon Linux 2023 gjs Not Affected
Amazon Linux 2 - Core thunderbird Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L