CVE-2025-5897 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos

🗓️ 09 Jun 2025 21:00:17Reported by VulDBType

Vulnerability CVE-2025-5897 in Vue CLI affects HtmlPwaPlugin with regex complexity issues.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2025-5897	9 Jun 202521:31	–	circl
CNNVD	vuejs Vue CLI 安全漏洞	9 Jun 202500:00	–	cnnvd
CVE	CVE-2025-5897	9 Jun 202521:00	–	cve
EUVD	EUVD-2025-17579	3 Oct 202520:07	–	euvd
Github Security Blog	@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability	9 Jun 202521:30	–	github
NVD	CVE-2025-5897	9 Jun 202521:15	–	nvd
OSV	GHSA-79VF-HF9F-J9Q8 @vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability	9 Jun 202521:30	–	osv
Positive Technologies	PT-2025-24567 · Vue.Js · Vue-Cli	9 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5897	11 Jun 202521:08	–	redhatcve
Veracode	Regular Expression Denial Of Service (ReDoS)	10 Jun 202506:06	–	veracode

[
  {
    "vendor": "vuejs",
    "product": "vue-cli",
    "versions": [
      {
        "version": "5.0.0",
        "status": "affected"
      },
      {
        "version": "5.0.1",
        "status": "affected"
      },
      {
        "version": "5.0.2",
        "status": "affected"
      },
      {
        "version": "5.0.3",
        "status": "affected"
      },
      {
        "version": "5.0.4",
        "status": "affected"
      },
      {
        "version": "5.0.5",
        "status": "affected"
      },
      {
        "version": "5.0.6",
        "status": "affected"
      },
      {
        "version": "5.0.7",
        "status": "affected"
      },
      {
        "version": "5.0.8",
        "status": "affected"
      }
    ],
    "modules": [
      "Markdown Code Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/vuejs/vue-cli/pull/7478
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

09 Jun 2025 21:00Current

CVSS 24

CVSS 3.14.3

CVSS 34.3

CVSS 45.3

EPSS0.00635