CVE-2025-69534

Published: Mar 5, 2026

Modified: Mar 12, 2026

PUBLISHED

Description

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Python-Markdown/markdown/issues/1534

https://github.com/Python-Markdown/markdown

https://github.com/Python-Markdown/markdown/actions/runs/15736122892

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-69534

Description

Affected Products

References