Inefficient Regular Expression Complexity

CVE-2025-5897

Medium

5.3/10

Summary

A vulnerability was found in VueJS Vue-CLI. It has been rated as problematic. This issue affects the function "HtmlPwaPlugin" of the file "packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js" of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References

Advisory
Pull request

Advisory Timeline

Published Jun 09, 2025

Inefficient Regular Expression Complexity

CVE-2025-5897

Summary

CWE-1333 - Inefficient Regular Expression Complexity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS