CVE-2025-45526

Published: Jun 17, 2025

Modified: Jun 26, 2025

PUBLISHED

CVSS v3.1

2.9

LOW

Description

A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100 million characters) is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this vulnerability by tricking a user into visiting a malicious web page containing a microlight element with large content, resulting in a denial of service. NOTE: this is disputed by multiple parties because a large amount of memory and CPU resources is expected to be needed for content of that size.

Vendor	Product	Versions
asvd	microlight	affected `0 - <= 0.0.7`

Weaknesses (CWE)

CWE-770

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://gist.github.com/Rootingg/483b09b760d031b62b172f2153f3ed2a

https://github.com/github/advisory-database/pull/5730

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-45526

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References