CVE-2025-7969 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-7969 at MITRE

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs.

This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not consider this issue to be a vulnerability.

SUSE information

Overall state of this security issue: Pending

This issue is currently rated as having important severity.

CVSS v3 Scores
	SUSE
Base Score	7.1
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	Required
Scope	Changed
Confidentiality Impact	Low
Integrity Impact	Low
Availability Impact	Low
CVSSv3 Version	3.1

CVSS v4 Scores
	CNA (help@fluidattacks.com)	SUSE
Base Score	6.9	5.3
Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
Attack Vector	Network	Network
Attack Complexity	Low	Low
Attack Requirements	None	None
Privileges Required	None	None
User Interaction	None	Passive
Vulnerable System Confidentiality Impact	None	None
Vulnerable System Integrity Impact	None	None
Vulnerable System Availability Impact	None	None
Subsequent System Confidentiality Impact	Low	Low
Subsequent System Integrity Impact	Low	Low
Subsequent System Availability Impact	None	Low
CVSSv4 Version	4.0	4.0

SUSE Bugzilla entry: 1248469 [NEW]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Thu Aug 21 19:42:45 2025
CVE page last modified: Mon Sep 1 21:19:57 2025