Description

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values.

INFO

Published Date :

2025-06-17T00:00:00.000Z

Last Modified :

2025-08-26T18:51:45.895Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-45525 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-45525.

URL Resource
https://gist.github.com/Rootingg/843368931f70886bed3cf982f10a4424 cve-icon cve-icon
https://github.com/github/advisory-database/pull/5730 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact