15 matches found
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-9670)
Summary: IBM Security SOAR uses an older version of the turndown JavaScript module that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.8.0. Vulnerability Details: CVEID: CVE-2025-9670 DESCRIPTION...
EUVD-2025-28874
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-9670
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing...
Regular Expression Denial of Service (ReDoS)
Overview: turndown is a library that converts HTML to Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the replacement function in commonmark-rules.js. An attacker can cause excessive resource consumption. PoC js const attackString =...
1dr-cli (>=0.2.10 <=0.5.14), 2c2p-integration (>=0.2.0 <=0.2.2) +4071 more potentially affected by CVE-2025-9670 via turndown (>=4.0.1 <=7.2.4)
turndown NPM version =4.0.1, =0.2.10, =0.2.0, =0.0.1, =1.0.0, =1.0.0, =0.2.1, =0.1.0, =0.1.0, =0.1.1, =0.2.9, =0.5.0, =4.0.0-beta.4, =1.0.0, =1.3.1 and more Source cves: CVE-2025-9670 Source advisory: SNYK:JS-TURNDOWN-12304081...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:turndown is a library that converts HTML to Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the replacement function in commonmark-rules.js. An attacker can cause excessive resource consumption. PoC js const...
org.webjars.npm:ckeditor5 (>=44.1.0 <=44.3.0), org.webjars.npm:ckeditor__ckeditor5-adapter-ckfinder (>=44.1.0 <=44.3.0) +59 more potentially affected by CVE-2025-9670 via org.webjars.npm:turndown (=7.2.0)
org.webjars.npm:turndown MAVEN version =7.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:turndown and may be impacted: - org.webjars.npm:ckeditor5 =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0,...
DEBIAN-CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
UBUNTU-CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...
CVE-2025-9670
CVE-2025-9670 concerns mixmark-io turndown up to 7.2.1, with a vulnerability in src/commonmark-rules.js that leads to inefficient regular-expression handling. IBM Security SOAR versions 51.0.7.x and earlier are affected; IBM recommends upgrading to v51.0.8.0 to address the issue. The vulnerabilit...
Turndown Security Vulnerability
Turndown is an open-source HTML to Markdown converter by mixmark-io. A security vulnerability exists in Turndown 7.2.1 and earlier versions, which stems from a regular expression inefficiency in the file src/commonmark-rules.js that could lead to a denial-of-service attack...
SUSE CVE-2024-57933
In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result i...
PT-2025-35305 · Unknown +1 · Mixmark-Io Turndown +1
Name of the Vulnerable Software and Affected Versions: mixmark-io turndown versions through 7.2.1 Description: A security flaw exists in mixmark-io turndown, potentially leading to inefficient regular expression complexity through manipulation of an unknown function within the...