CVE-2025-66400 – mdast-util-to-hast unsanitized class attribute

CVE ID : CVE-2025-66400

Published : Dec. 1, 2025, 11:15 p.m. | 1 hour, 9 minutes ago

Description : mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66448 – vLLM vulnerable to remote code execution via transformers_utils/get_config

CVE-2025-66415 – fastify-reply-from bypass of reply forwarding

CVE-2025-66412 – Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

CVE-2025-66410 – Gin-vue-admin has an arbitrary file deletion vulnerability