CVE-2025-5897

Summary

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

Affected Software

VendorProductVersion RangeStatus
vuejsvue-cli5.0.0affected
vuejsvue-cli5.0.1affected
vuejsvue-cli5.0.2affected
vuejsvue-cli5.0.3affected
vuejsvue-cli5.0.4affected
vuejsvue-cli5.0.5affected
vuejsvue-cli5.0.6affected
vuejsvue-cli5.0.7affected
vuejsvue-cli5.0.8affected

Weaknesses

  • CWE-1333: Inefficient Regular Expression Complexity
  • CWE-400: Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References