EUVD-2025-28874

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Security flaw in mixmark-io turndown 7.2.1 enables remote exploit via regex in src/commonmark-rules.js.

Reporter	Title	Published	Views	Family All 20
IBM Security Bulletins	Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-9670)	20 Nov 202510:10	–	ibm
Circl	CVE-2025-9670	29 Aug 202523:09	–	circl
CNNVD	Turndown 安全漏洞	29 Aug 202500:00	–	cnnvd
CVE	CVE-2025-9670	29 Aug 202519:02	–	cve
Cvelist	CVE-2025-9670 mixmark-io turndown commonmark-rules.js redos	29 Aug 202519:02	–	cvelist
Debian CVE	CVE-2025-9670	29 Aug 202519:02	–	debiancve
NCSC	Vulnerabilities fixed in Siemens products	10 Mar 202612:39	–	ncsc
NVD	CVE-2025-9670	29 Aug 202519:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - April 2026	24 Apr 202600:00	–	oracle
OSV	DEBIAN-CVE-2025-9670	29 Aug 202519:15	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "fc92ff60-d936-31ed-a06f-4a1c426ceb16",
        "vendor": {
          "name": "mixmark-io"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5eee7136-1d37-3d81-b30d-4ee51de44eb3",
        "product": {
          "name": "turndown"
        },
        "product_version": "7.2.0"
      },
      {
        "id": "6a08e472-a83a-35dd-befb-fc03e8fd4148",
        "product": {
          "name": "turndown"
        },
        "product_version": "7.2.1"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/mixmark-io/turndown/issues/501
github	www.github.com/mixmark-io/turndown/issues/501

03 Oct 2025 20:07Current

5.4Medium risk

Vulners AI Score5.4

CVSS 46.9

CVSS 25

CVSS 3.15.3

CVSS 35.3

EPSS0.00088

SSVC